CVE-2006-3109
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
MEDIUM · CVSS 4.3
EPSS 0.22885
Schedule remediation
- EPSS ≥ 0.10 - elevated exploitation probability
- EPSS percentile: top 4% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
Sigma rules0
YARA rules0