CVE-2007-4633
PUBLISHED
CVSS 4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
EPSS 0.55% · 68.4th percentile
Risk Scores
CVSS 2.0
4.3
EPSS Score
0.55%
68.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| cisco | unified_communications_manager | 4.2.3sr2, 4.2.3sr2b |
| cisco | call_manager | 4.1, 4.1(3)sr1, 4.1(3)sr3 |
Exploit Intelligence
- 1018624 (circl)
- 20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page (circl)
- 26641 (circl)
- cisco-cucm-admin-xss(36325) (circl)
- 25480 (circl)
- ADV-2007-3010 (circl)
Timeline
- Aug 29, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 1018624 vdb
- 20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page vendor-advisory
- 26641 third-party-advisory
- cisco-cucm-admin-xss(36325) vdb
- 25480 vdb
- ADV-2007-3010 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-4633 advisory