{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1018624", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018624"}, {"name": "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml"}, {"name": "26641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26641"}, {"name": "cisco-cucm-admin-xss(36325)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325"}, {"name": "25480", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25480"}, {"name": "ADV-2007-3010", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1018624", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018624"}, {"name": "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml"}, {"name": "26641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26641"}, {"name": "cisco-cucm-admin-xss(36325)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325"}, {"name": "25480", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25480"}, {"name": "ADV-2007-3010", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:10.199Z"}, "title": "CVE Program Container", "references": [{"name": "1018624", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018624"}, {"name": "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml"}, {"name": "26641", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26641"}, {"name": "cisco-cucm-admin-xss(36325)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325"}, {"name": "25480", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25480"}, {"name": "ADV-2007-3010", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3010"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4633", "datePublished": "2007-08-31T23:00:00.000Z", "dateReserved": "2007-08-31T00:00:00.000Z", "dateUpdated": "2024-08-07T15:01:10.199Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "B6049596-9D62-4EC4-BEAE-A2023F6F3346", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2:*:*:*:*:*:*:*", "matchCriteriaId": "87560280-EF6A-46DC-9368-0C98E0A5B7E8", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "matchCriteriaId": "F977BD4D-308D-4415-9302-5C44238881A7", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "373E71AE-C735-4476-A574-56C35BAD8DB0", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "9F9AA9D0-3205-4A5D-8161-C80D1855D91E", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "matchCriteriaId": "B771F3F8-CD24-4710-A7A8-D4F9E0DB4BB2", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "matchCriteriaId": "71DA8A99-A678-42F8-AFC5-323E77D9BCC5", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "D3C30434-29FD-45D4-B9D8-BEB65FE4471A", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FA55FCB-FFFB-495F-86A8-262E7995B519", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "E6ECFC2B-9978-46FF-BC4E-A81B9B835E29", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "3979687E-2BDE-42CD-ACF6-5EE3AF6CD5B2", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "EB63E43F-96D1-442E-8AA7-B0183117F6A4", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "86960ABE-F133-49EE-A8E3-70CF1DD93ADC", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr2:*:*:*:*:*:*:*", "matchCriteriaId": "36C8C9AA-8AA2-40C2-88A2-0860543601C6", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "98B77A94-5477-4703-9421-2266EC603319", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "5AF86C50-A2B2-4944-8361-C67766DCA2DA", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:call_manager:4.3\\(1\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "C98C1833-23B0-4559-BA64-A8BD30828ACB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante la variable lang en la p\u00e1gina de acceso de (1) usuario \u00f3 (2) administrador, tambi\u00e9n conocido como CSCsi10728."}], "id": "CVE-2007-4633", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-31T23:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26641"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018624"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25480"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3010"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}