PT-2007-4142 · Cisco · Cisco Callmanager

Published: 2007-05-24 · Updated: 2017-07-29 · CVE-2007-2832

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco CallManager versions prior to 3.3(5)sr3
Cisco CallManager versions prior to 4.1(3)sr5
Cisco CallManager versions prior to 4.2(3)sr2
Cisco CallManager versions prior to 4.3(1)sr1

Description

A cross-site scripting (XSS) issue exists in the web application firewall of Cisco CallManager, allowing remote attackers to inject arbitrary web script or HTML via the pattern parameter to "CCMAdmin/serverlist.asp" and possibly other unspecified vectors.

Recommendations

For versions prior to 3.3(5)sr3, update to version 3.3(5)sr3 or later.
For versions prior to 4.1(3)sr5, update to version 4.1(3)sr5 or later.
For versions prior to 4.2(3)sr2, update to version 4.2(3)sr2 or later.
For versions prior to 4.3(1)sr1, update to version 4.3(1)sr1 or later.

Related Identifiers

CVE-2007-2832

Affected Products

Cisco Callmanager