CVE-2006-3109
Published 2006-06-21
Priority P4 · 24 · medium · CVSS 2.0 base score 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 13.49% (96.0th percentile)
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | call_manager | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 4.3 | MEDIUM | — |
GHSA
GHSA-qx6c-cxwr-jfxf: Cross-site scripting (XSS) vulnerability in Cisco CallManager 3
ghsa_unreviewed · 2022-05-01 · CVE-2006-3109 · MEDIUM
Cisco
Cisco CallManager Administration and User Options Web Interfaces Cross-Site Scripting Vulnerability
vendor_cisco · 2006-06-19 · CVE-2006-3109 · CVSS 4.3 · MEDIUM · CWE-79
Cisco CallManager versions prior to 4.3(1), 4.2(3), 4.1(3)SR4 and 3.3(5)SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the user's browser session.
The vulnerability exists due to improper input sanitization in the CallManager Administration web interface and the CallManager User Options web interface. An attacker could exploit the vulnerability by convincing a user to follow a link designed to pass malicious script code to a vulnerable parameter. This could allow the attacker to execute arbitrary script code in the user's browser session in the context of the affected site.
Proof-of-concept code is available.
Cisco has confirm
No detection rules found.
Exploit-DB
Cisco CallManager 3.x/4.x - 'Web Interface 'ccmadmin/phonelist.asp?Pattern' Cross-Site Scripting
exploitdb · 2006-06-19 · CVE-2006-3109
---
source: https://www.securityfocus.com/bid/18504/info
Cisco CallManager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the web-interface to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting administrative user in the context of the affected site. This may help the attacker launch other attacks.
http://www.example.com/CallManagerAddress/ccmadmin/phonelist.asp?findBy=description&match=begins&pattern=alert(document.cookie)&submit1=Find&rows=20&wildcards=on&utilityList=
Exploit-DB
Cisco CallManager 3.x/4.x - 'Web Interface 'ccmuser/logon.asp' Cross-Site Scripting
exploitdb · 2006-06-19 · CVE-2006-3109
---
source: https://www.securityfocus.com/bid/18504/info
Cisco CallManager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the web-interface to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting administrative user in the context of the affected site. This may help the attacker launch other attacks.
http://www.example.com/CallManagerAddress/ccmuser/logon.asp?userID=&password=&MadeUpParameter=">for (i=0; i<!--
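No detection rule is indexed for this CVE. The following Python, added here as an example and not taken from the page, Cisco or Exploit-DB, scans web access log lines for requests to the two pages the advisory names and flags any query parameter that still contains markup or script fragments after full URL decoding (double encoding is undone deliberately). It assumes Common Log Format lines; the sample lines, client addresses and the `Extra` parameter name are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

VULN_PATHS = ("/ccmadmin/phonelist.asp", "/ccmuser/logon.asp")  # pages named in the advisory

# Fragments with no business in a phone-search pattern or a logon field; checked in
# every parameter after full decoding, since logon.asp was reachable via any name.
XSS_MARKERS = re.compile(
    r"<\s*/?\s*(script|img|iframe|svg|body)\b"  # tag injection
    r"|javascript\s*:"                          # script: URLs
    r"|\bon\w+\s*=\s*['\"]?"                    # event-handler attributes
    r"|[\"']\s*>",                              # breaking out of an attribute value
    re.IGNORECASE,
)

# Assumption: Common Log Format; an IIS W3C log needs only a different LOG_RE.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def decode_fully(value: str) -> str:
    """Undo up to three layers of percent-encoding; double-encoding slips past single-pass filters."""
    for _ in range(3):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def check_request(url: str):
    """Return (path, param, decoded_value) for the first suspicious parameter, else None."""
    parts = urlsplit(url)
    path = parts.path.lower()  # IIS paths are case-insensitive
    if not path.endswith(VULN_PATHS):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = decode_fully(value)  # parse_qsl already stripped one encoding layer
        if XSS_MARKERS.search(decoded):
            return path, name, decoded
    return None

def scan_log(lines):
    """Yield one finding per log line whose request carries a suspicious parameter."""
    for m in filter(None, map(LOG_RE.match, lines)):
        hit = check_request(m["url"])
        if hit:
            yield {"ip": m["ip"], "ts": m["ts"], "path": hit[0], "param": hit[1], "value": hit[2]}

# Constructed sample lines (not real traffic): a benign search, a script tag in
# 'pattern', and a double-encoded attribute break-out in an arbitrary logon.asp parameter.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jun/2006:10:00:01 -0500] "GET /ccmadmin/phonelist.asp?findBy=description&pattern=Lobby&rows=20 HTTP/1.1" 200 5123',
    '192.0.2.7 - - [19/Jun/2006:10:02:13 -0500] "GET /ccmadmin/phonelist.asp?findBy=description&pattern=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5211',
    '192.0.2.7 - - [19/Jun/2006:10:03:40 -0500] "GET /ccmuser/logon.asp?userID=&password=&Extra=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 3021',
]
```

Run `list(scan_log(SAMPLE_LOG))` to see the two flagged requests; the benign search is not reported.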
No writeups or analysis indexed.
References
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html
http://secunia.com/advisories/20735
http://securityreason.com/securityalert/1114
http://securitytracker.com/id?1016328
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm
http://www.osvdb.org/26651
http://www.osvdb.org/26652
http://www.securityfocus.com/archive/1/437757/100/0/threaded
http://www.securityfocus.com/bid/18504
http://www.vupen.com/english/advisories/2006/2443
https://exchange.xforce.ibmcloud.com/vulnerabilities/27225