CVE-2007-4633

CWE-79 — Cross-site Scripting (XSS)CWE-200 — Information Exposure4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.6%

top 32.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Call Manager Cisco Unified Communications Manager

Timeline

PublishedAug 31

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/unified_communications_manager4.2.3sr2, 4.2.3sr2b+1

▶NVDcisco/call_manager17 versions+16

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-89hr-m868-h7qm: Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3↗2022-05-01

▶

CVEList

CVE-2007-4633: Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3↗2007-08-31

▶

📋Vendor Advisories

Cisco

XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page↗2007-08-29

▶