CVE-2007-4633
Summary
| CVE | CVE-2007-4633 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-31 23:17:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Call Manager | 3.3\(5\)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 3.3\(5\)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 3.3\(5\)sr2a | All | All | All |
| Hardware | Cisco | Call Manager | 4.1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1\(3\)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1\(3\)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1\(3\)sr3 | All | All | All |
| Hardware | Cisco | Call Manager | 4.1\(3\)sr4 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2\(1\) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2\(2\) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2\(3\) | All | All | All |
| Hardware | Cisco | Call Manager | 4.2\(3\)sr1 | All | All | All |
| Hardware | Cisco | Call Manager | 4.2\(3\)sr2 | All | All | All |
| Hardware | Cisco | Call Manager | 4.3 | All | All | All |
| Hardware | Cisco | Call Manager | 4.3\(1\) | All | All | All |
| Hardware | Cisco | Call Manager | 4.3\(1\)sr1 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.3sr2 | All | All | All |
| Application | Cisco | Unified Communications Manager | 4.2.3sr2b | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page - Cisco Systems | af854a3a-2127-422b-91ae-364da2661108 | www.cisco.com | Patch, Vendor Advisory |
| Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Cisco CallManager / CUCM Cross-Site Scripting and SQL Injection - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Cisco CallManager/Unified Communications Manager Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.