CVE-2006-3109 - Cross-Site Scripting vulnerability in Cisco CallManager

047910
CVSS 4.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: PARTIAL
  • Availability impact: NONE

Tags: network, cisco, exploit available

Summary

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1) allows remote attackers to inject arbitrary web script or HTML via (1) the pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

Exploit-DB

  • description: Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS. CVE-2006-3109. Webapps exploit for asp platform
    id: EDB-ID:28061
    last seen: 2016-02-03
    modified: 2006-06-19
    published: 2006-06-19
    reporter: Jake Reynolds
    source: https://www.exploit-db.com/download/28061/
    title: Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS
  • description: Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS. CVE-2006-3109. Webapps exploit for asp platform
    id: EDB-ID:28062
    last seen: 2016-02-03
    modified: 2006-06-19
    published: 2006-06-19
    reporter: Jake Reynolds
    source: https://www.exploit-db.com/download/28062/
    title: Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS