CVE-2007-2832
Published 2007-05-24
Priority: P4 · 21 · medium · CVSS 2.0 score 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.49% (92.9th percentile)
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Affected (19 ranges, all listed as vendor cisco / product call_manager; the individual version ranges and fixed-in versions are not populated in the record)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | call_manager | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 4.3 | MEDIUM | — |
GHSA
GHSA-38rr-jh2c-6vfp · ghsa_unreviewed · 2022-05-01 · CVE-2007-2832 [MEDIUM]
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Cisco
Cisco CallManager Web Interface Input Validation Bypass Vulnerability
vendor_cisco · 2007-05-23 · CVSS 4.3 · CVE-2007-2832 [MEDIUM] · CWE-79
Cisco CallManager versions 4.3(1) and prior contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and conduct cross-site scripting attacks.
This vulnerability exists due to insufficient sanitization of user-supplied input to the CallManager web interface search form. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious link. This action could allow the attacker to execute arbitrary HTML code within a user's browser session.
A functional URL is publicly available.
Cisco confirmed this vulnerability in a security response and released updated software.
Attackers rely on user interaction to accomplish an expl
No detection rules found.
No writeups or analysis indexed.
References

- http://marc.info/?l=full-disclosure&m=117993122727006&w=2
- http://secunia.com/advisories/25377
- http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
- http://www.osvdb.org/35337
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
- http://www.securityfocus.com/bid/24119
- http://www.securitytracker.com/id?1018105
- http://www.vupen.com/english/advisories/2007/1922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34465