CVE-2007-2832 Information

Description

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

Reference

http://marc.info/?l=full-disclosure&m=117993122727006&w=2
http://secunia.com/advisories/25377
http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
http://www.osvdb.org/35337
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
http://www.securityfocus.com/bid/24119
http://www.securitytracker.com/id?1018105
http://www.vupen.com/english/advisories/2007/1922
https://exchange.xforce.ibmcloud.com/vulnerabilities/34465
