Cisco CallManager crossite scripting and SQL injection updated since 25.05.2007
Published:		31.08.2007
Source:		BUGTRAQ
SecurityVulns ID:		7740
Type:		remote
Level:		5/10
Description:		Crossite scripting via /CCMAdmin/serverlist.asp. SQL injection with /CCMUser/logon.asp.

Affected:

CISCO : CallManager 4.1

Original document		Elliot Kendall, SQL Injection in Cisco CallManager (31.08.2007)
		CISCO, Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page (29.08.2007)
		Stefan Friedli, Cisco CallManager 4.1 Input Validation Vulnerability (25.05.2007)

Discuss:

Read or add your comments to this news (0 comments)