Cisco CallManager/Communications Manager SQL Injection and Cross-Site Scripting Vulnerabilities

Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerability and an SQL-injection vulnerability.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


Privacy Statement
Copyright 2010, SecurityFocus