Cross-Site Scripting Vulnerability in Cisco CallManager

vendor:

Cisco CallManager

by:

Unknown

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: Cisco CallManager

Affected Version From: Cisco CallManager 4.1.1

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:cisco:callmanager:4.1.1

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Cross-Site Scripting Vulnerability in Cisco CallManager

The Cisco CallManager application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks on unsuspecting users, potentially stealing authentication credentials and launching further attacks.

Mitigation:

Cisco has not provided a specific mitigation or remediation for this vulnerability.

Source

Cross-Site Scripting Vulnerability in Cisco CallManager

Mitigation:

Exploit-DB raw data: