Cross-Site Scripting Vulnerability in Cisco CallManager
CVE-2006-3109

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 21 June 2006

Summary

A cross-site scripting vulnerability exists in Cisco CallManager versions prior to specified updates, allowing remote attackers to inject arbitrary web scripts or HTML. This can occur through the 'pattern' parameter in 'ccmadmin/phonelist.asp' and other parameters in the 'ccmuser/logon.asp' page. Successful exploitation can lead to unauthorized access and manipulation of user sessions, posing a significant security risk for affected installations.

References

http://securityreason.com/securityalert/1114

third-party-advisoryx_refsource_SREASON

http://www.osvdb.org/26651

vdb-entryx_refsource_OSVDB

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cis...

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 21, 2006
Vulnerability Reserved
Jun 20, 2006