Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager prior to 3.3(5)sr3, 4.1 prior to 4.1(3)sr5, 4.2 prior to 4.2(3)sr2, and 4.3 prior to 4.3(1)sr1 allows remote malicious users to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco call manager 3.3\\(4\\)es25 |
||
cisco call manager 3.3\\(5\\) |
||
cisco call manager 4.1\\(3\\)es07 |
||
cisco call manager 4.1\\(3\\)es32 |
||
cisco call manager 3.3 |
||
cisco call manager 3.3\\(5\\)sr2 |
||
cisco call manager 4.1 |
||
cisco call manager 4.1\\(3\\)sr3 |
||
cisco call manager 4.2\\(3\\) |
||
cisco call manager 3.3\\(5\\)es30 |
||
cisco call manager 3.3\\(5\\)sr1 |
||
cisco call manager 4.1\\(3\\)sr1 |
||
cisco call manager 4.1\\(3\\)sr2 |
||
cisco call manager 3.3\\(3\\) |
||
cisco call manager 3.3\\(3\\)es61 |
||
cisco call manager 4.1\\(2\\)es33 |
||
cisco call manager 4.1\\(2\\)es55 |
||
cisco call manager 4.2\\(3\\)sr1 |
||
cisco call manager 4.3\\(1\\) |
Vulmon