Cisco CallManager 4.1 - Search Form Cross-Site Scripting Vulnerability

ID EDB-ID:30077
Type exploitdb
Reporter Marc Ruef
Modified 2007-05-23T00:00:00


Cisco CallManager 4.1 Search Form Cross Site Scripting Vulnerability. CVE-2007-2832. Webapps exploit for asp platform


Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected.[xss]