4.3
CVE-2007-2832
- EPSS 6.49%
- Veröffentlicht 24.05.2007 02:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Call Manager Version3.3
Cisco ≫ Call Manager Version4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.49% | 0.929 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://marc.info/?l=full-disclosure&m=117993122727006&w=2
http://secunia.com/advisories/25377
http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
http://www.osvdb.org/35337
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
http://www.securityfocus.com/bid/24119
http://www.securitytracker.com/id?1018105
http://www.vupen.com/english/advisories/2007/1922
https://exchange.xforce.ibmcloud.com/vulnerabilities/34465