Cisco CallManager Search Form Cross Site Scripting Vulnerability
BID:24119
Info
Cisco CallManager Search Form Cross Site Scripting Vulnerability
| Bugtraq ID: | 24119 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2832 |
| Remote: | Yes |
| Local: | No |
| Published: | May 23 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Marc Ruef and Stefan Friedli are credited with discovering this vulnerability. |
| Vulnerable: |
phpPgAdmin phpPgAdmin 4.1.1 Cisco Unified CallManager 4.1(3)sr5 Cisco Unified CallManager 4.1(3)SR4 Cisco Unified CallManager 4.1 |
| Not Vulnerable: |
Cisco Unified Communications Manager 4.2(3)sr2 Cisco Unified CallManager 4.3(1)sr1 Cisco Unified CallManager 3.3(5)sr3 |
Discussion
Cisco CallManager Search Form Cross Site Scripting Vulnerability
Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected.
Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected.
Exploit / POC
Cisco CallManager Search Form Cross Site Scripting Vulnerability
An attacker must entice an unsuspecting victim into following a malicious URI to exploit this issue.
The following proof-of-concept URI is available:
https://www.example.com/CCMAdmin/serverlist.asp?findBy=servername&match=begins&pattern=[xss]
An attacker must entice an unsuspecting victim into following a malicious URI to exploit this issue.
The following proof-of-concept URI is available:
https://www.example.com/CCMAdmin/serverlist.asp?findBy=servername&match=begins&pattern=[xss]
Solution / Fix
Cisco CallManager Search Form Cross Site Scripting Vulnerability
Solution:
The vendor released updates to address this issue. Please contact the vendor for information on how to obtain and apply these updates.
Solution:
The vendor released updates to address this issue. Please contact the vendor for information on how to obtain and apply these updates.
References
Cisco CallManager Search Form Cross Site Scripting Vulnerability
References:
References: