Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2832

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
4.3MEDIUM
EPSS
15.2%
top 5.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Call Manager
Timeline
PublishedMay 24
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/call_manager19 versions+18

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-38rr-jh2c-6vfp: Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 32022-05-01
CVEList
CVE-2007-2832: Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 32007-05-24

💥Exploits & PoCs

1
Exploit-DB
Cisco CallManager 4.1 - Search Form Cross-Site Scripting2007-05-23

📋Vendor Advisories

1
Cisco
Cisco CallManager Web Interface Input Validation Bypass Vulnerability2007-05-23
CVE-2007-2832 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io