Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Secure Desktop crossite scripting
Published:04.02.2010
Source:
SecurityVulns ID:10582
Type:remote
Threat Level:
5/10
Description:Crossite scripting via POST request to https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us
Affected:CISCO : Cisco Secure Desktop 3.4
CVE:CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.)
Original documentdocumentCISCO, [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection (04.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod