CVE-2006-3109

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 21 June 2006

Summary

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

References

http://securityreason.com/securityalert/1114

third-party-advisoryx_refsource_SREASON

http://www.osvdb.org/26651

vdb-entryx_refsource_OSVDB

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cis...

x_refsource_MISC

Timeline

Vulnerability published
Jun 21, 2006
Vulnerability Reserved
Jun 20, 2006