The web interface used to administer Cisco CallManager software suffers from a lack of input validation and output encoding. As a result, an attacker could craft a request that causes the CallManager web interface to include malicious JavaScript in its response. Versions 3.1 and above were tested and found vulnerable.
a3e2245ce1c606ad2f2b81f2bb5acfe79254b1df8be15ec4f6defeb2a36d98b0