Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 prior to 3.3(5)SR3, 4.1 prior to 4.1(3)SR4, 4.2 prior to 4.2(3), and 4.3 prior to 4.3(1), allows remote malicious users to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco call manager 3.3\\(4\\)es25 |
||
cisco call manager 3.3\\(5\\) |
||
cisco call manager 3.3\\(5\\)es30 |
||
cisco call manager 4.1\\(3\\)es32 |
||
cisco call manager 3.3 |
||
cisco call manager 4.1 |
||
cisco call manager 4.1\\(2\\)es33 |
||
cisco call manager 4.2 |
||
cisco call manager 4.2\\(1\\) |
||
cisco call manager 3.3\\(5\\)sr1 |
||
cisco call manager 3.3\\(5\\)sr2 |
||
cisco call manager 4.1\\(3\\)sr2 |
||
cisco call manager 4.1\\(3\\)sr3 |
||
cisco call manager 4.1\\(3\\)sr1 |
||
cisco call manager 4.3\\(1\\) |
||
cisco call manager 3.3\\(3\\) |
||
cisco call manager 3.3\\(3\\)es61 |
||
cisco call manager 4.1\\(2\\)es55 |
||
cisco call manager 4.1\\(3\\)es07 |
||
cisco call manager 4.2\\(2\\) |
||
cisco call manager 4.3 |