CVE-2007-2832

medium

Description

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34465

http://www.vupen.com/english/advisories/2007/1922

http://www.securitytracker.com/id?1018105

http://www.securityfocus.com/bid/24119

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977

http://www.osvdb.org/35337

http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html

http://secunia.com/advisories/25377

Details

Source: Mitre, NVD

Published: 2007-05-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.17846