CVE-2007-2832

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Call_manager	Cisco	3.3 (including)	3.3 (including)
Call_manager	Cisco	3.3(3) (including)	3.3(3) (including)
Call_manager	Cisco	3.3(3)es61 (including)	3.3(3)es61 (including)
Call_manager	Cisco	3.3(4)es25 (including)	3.3(4)es25 (including)
Call_manager	Cisco	3.3(5) (including)	3.3(5) (including)
Call_manager	Cisco	3.3(5)es30 (including)	3.3(5)es30 (including)
Call_manager	Cisco	3.3(5)sr1 (including)	3.3(5)sr1 (including)
Call_manager	Cisco	3.3(5)sr2 (including)	3.3(5)sr2 (including)
Call_manager	Cisco	4.1 (including)	4.1 (including)
Call_manager	Cisco	4.1(2)es33 (including)	4.1(2)es33 (including)
Call_manager	Cisco	4.1(2)es55 (including)	4.1(2)es55 (including)
Call_manager	Cisco	4.1(3)es07 (including)	4.1(3)es07 (including)
Call_manager	Cisco	4.1(3)es32 (including)	4.1(3)es32 (including)
Call_manager	Cisco	4.1(3)sr1 (including)	4.1(3)sr1 (including)
Call_manager	Cisco	4.1(3)sr2 (including)	4.1(3)sr2 (including)
Call_manager	Cisco	4.1(3)sr3 (including)	4.1(3)sr3 (including)
Call_manager	Cisco	4.2(3) (including)	4.2(3) (including)
Call_manager	Cisco	4.2(3)sr1 (including)	4.2(3)sr1 (including)
Call_manager	Cisco	4.3(1) (including)	4.3(1) (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2832
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References