CVE-2006-3109

Published: Jun 21, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

Affected (21)

Products: Cisco: Call Manager

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Cisco Call Manager	Version 3.3
Cisco Call Manager	Version 3.3(3)
Cisco Call Manager	Version 3.3(3)es61
Cisco Call Manager	Version 3.3(4)es25
Cisco Call Manager	Version 3.3(5)
Cisco Call Manager	Version 3.3(5)es30
Cisco Call Manager	Version 3.3(5)sr1
Cisco Call Manager	Version 3.3(5)sr2
Cisco Call Manager	Version 4.1
Cisco Call Manager	Version 4.1(2)es33
Cisco Call Manager	Version 4.1(2)es55
Cisco Call Manager	Version 4.1(3)es07
Cisco Call Manager	Version 4.1(3)es32
Cisco Call Manager	Version 4.1(3)sr1
Cisco Call Manager	Version 4.1(3)sr2
Cisco Call Manager	Version 4.1(3)sr3
Cisco Call Manager	Version 4.2
Cisco Call Manager	Version 4.2(1)
Cisco Call Manager	Version 4.2(2)
Cisco Call Manager	Version 4.3
Cisco Call Manager	Version 4.3(1)

References (26)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html

Source: cve@mitre.org

http://secunia.com/advisories/20735

Source: cve@mitre.org

http://securityreason.com/securityalert/1114

Source: cve@mitre.org

http://securitytracker.com/id?1016328

Source: cve@mitre.org

ExploitPatch

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html

Source: cve@mitre.org

Patch

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm

Source: cve@mitre.org

Exploit

http://www.osvdb.org/26651

Source: cve@mitre.org

http://www.osvdb.org/26652

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/437757/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18504

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/2443

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27225

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20735

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1114

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016328

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/26651

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26652

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/437757/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18504

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/2443

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/27225

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.