4.3

CVE-2007-2832

Exploit
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoCall Manager Version3.3
CiscoCall Manager Version4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.49% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=full-disclosure&m=117993122727006&w=2
Vendor Advisory
Exploit
http://secunia.com/advisories/25377
Patch
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
http://www.osvdb.org/35337
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
http://www.securityfocus.com/bid/24119
http://www.securitytracker.com/id?1018105
http://www.vupen.com/english/advisories/2007/1922
https://exchange.xforce.ibmcloud.com/vulnerabilities/34465