CVE-2006-3109 - Unspecified vulnerability in Cisco Call Manager
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
cisco
exploit available
Summary
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Vulnerable Configurations
Exploit-Db
- description: Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS. CVE-2006-3109. Webapps exploit for asp platform
  id: EDB-ID:28061
  last seen: 2016-02-03
  modified: 2006-06-19
  published: 2006-06-19
  reporter: Jake Reynolds
  source: https://www.exploit-db.com/download/28061/
  title: Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS
- description: Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS. CVE-2006-3109. Webapps exploit for asp platform
  id: EDB-ID:28062
  last seen: 2016-02-03
  modified: 2006-06-19
  published: 2006-06-19
  reporter: Jake Reynolds
  source: https://www.exploit-db.com/download/28062/
  title: Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html
- http://secunia.com/advisories/20735
- http://securityreason.com/securityalert/1114
- http://securitytracker.com/id?1016328
- http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
- http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm
- http://www.osvdb.org/26651
- http://www.osvdb.org/26652
- http://www.securityfocus.com/archive/1/437757/100/0/threaded
- http://www.securityfocus.com/bid/18504
- http://www.vupen.com/english/advisories/2006/2443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27225