CVE-2006-3109

CVE Database · CVE-2006-3109

CVE-2006-3109

· N/AModified

CVSS v3.1

N/A

EPSS

13.49%

Published

Jun 20, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (3)

All weaponized →

Exploit-DBCisco CallManager 3.x/4.x - 'Web Interface 'ccmadmin/phonelist.asp?Pattern' Cross-Site Scripting Exploit-DBCisco CallManager 3.x/4.x - 'Web Interface 'ccmuser/logon.asp' Cross-Site Scripting TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

Affected Products (21)

cisco · call_managervulnerable

References (20)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html

http://secunia.com/advisories/20735

http://securityreason.com/securityalert/1114

http://securitytracker.com/id?1016328

ExploitPatch

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html

Patch

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm

Exploit

http://www.osvdb.org/26651

http://www.osvdb.org/26652

KEV Catalog EPSS Scores Vendors All CVEs