Cisco CallManager 4.1 - Search Form Cross-Site Scripting Vulnerability

2007-05-23T00:00:00
ID EDB-ID:30077
Type exploitdb
Reporter Marc Ruef
Modified 2007-05-23T00:00:00

Description

Cisco CallManager 4.1 Search Form Cross Site Scripting Vulnerability. CVE-2007-2832. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/24119/info

Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected. 

https://www.example.com/CCMAdmin/serverlist.asp?findBy=servername&match=begins&pattern=[xss]