Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo
# 1  
Old 12-24-2007
R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo
Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Discussion started by: crombiecrunch
0 Replies

2. Shell Programming and Scripting

SQL Injection Detection

I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line: benchmark union information_schema drop truncate group_concat into file case hex lpad group order having insert union select from (12 Replies)
Discussion started by: koutroul
12 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

mojomojo::formatter::defang

MojoMojo::Formatter::Defang(3pm)			User Contributed Perl Documentation			  MojoMojo::Formatter::Defang(3pm)

NAME

       MojoMojo::Formatter::Defang - Scrub user HTML and XSS

DESCRIPTION

       This formatter makes sure only a safe range of tags are allowed, using MojoMojo::Defang; It also tries to remove XSS attempts.

METHODS

   format_content_order
       Format order can be 1-99. The Defang formatter runs on 16, just after the main formatter, in order to catch direct user input. Defang
       trusts the main formatter and all subsequently ran plugins to not output unsafe HTML.

   defang_tags_callback
       Callback for custom handling specific HTML tags

   defang_url_callback
       Callback for custom handling URLs in HTML attributes as well as styletag/attribute declarations

   defang_css_callback
       Callback for custom handling style tags/attributes.

   defang_attribs_callback
       Callback for custom handling HTML tag attributes.

   format_content
       Calls the formatter. Takes a ref to the content as well as the context object.

SEE ALSO

       MojoMojo, Module::Pluggable::Ordered, MojoMojo::Defang

AUTHORS

       Marcus Ramberg <mramberg@cpan.org>

LICENSE

       This library is free software. You can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2010-05-23					  MojoMojo::Formatter::Defang(3pm)