← voltar
CVE-2006-3109

CVE-2006-3109

EPSS 13.5%
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/28061não verificadoexploitdbwww.exploit-db.com/exploits/28062não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.htmlhttp://secunia.com/advisories/20735http://securityreason.com/securityalert/1114http://securitytracker.com/id?1016328https://exchange.xforce.ibmcloud.com/vulnerabilities/27225http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.htmlhttp://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htmhttp://www.osvdb.org/26651http://www.osvdb.org/26652http://www.securityfocus.com/archive/1/437757/100/0/threadedhttp://www.securityfocus.com/bid/18504