Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-3109
Last Modified: 07 Mar 2011 09:37:50
Published: 20 Jun 2006 09:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-3109

Summary

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1) allows remote attackers to inject arbitrary web script or HTML via (1) the pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

Vulnerable Systems


References

CISCO - 20060619 Cisco Response to: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks

SECTRACK - 1016328

VUPEN - ADV-2006-2443

BID - 18504

BUGTRAQ - 20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks

MISC - http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm

XF - cisco-callmanager-web-xss(27225)

OSVDB - 26652

OSVDB - 26651

SREASON - 1114

SECUNIA - 20735

FULLDISC - 20060620 Re: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks


Last Updated: 27 May 2016 10:42:53