Signature Detail
Short Name |
HTTP:XSS:CISCO-XSS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cisco CallManager XSS Cross Site Scripting |
Release Date |
2007/06/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cisco CallManager Search Form Cross Site Scripting Vulnerability
This signature detects attempts to exploit a known vulnerability against Cisco CallManager Search Forms. An attacker can create a malicious Web site containing dangerous Cross-Site Scripting, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected.
Affected Products
- Cisco Unified CallManager 4.1
- Cisco Unified CallManager 4.1(3)SR4
- Cisco Unified CallManager 4.1(3)Sr5
- phpPgAdmin 4.1.1
References
- BugTraq: 24119
- URL: http://www.securityfocus.com/archive/1/469349