Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3109

Severity: 4.3 MEDIUM
EPSS: 22.9% (top 4.11%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jun 21
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: cisco/call_manager (21 versions)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-qx6c-cxwr-jfxf: Cross-site scripting (XSS) vulnerability in Cisco CallManager 3 (2022-05-01)
CVEList: CVE-2006-3109: Cross-site scripting (XSS) vulnerability in Cisco CallManager 3 (2006-06-21)

💥 Exploits & PoCs (2)

Exploit-DB: Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp?Pattern' Cross-Site Scripting (2006-06-19)
Exploit-DB: Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting (2006-06-19)

📋 Vendor Advisories (1)

Cisco: Cisco CallManager Administration and User Options Web Interfaces Cross-Site Scripting Vulnerability (2006-06-19)