CVE-2010-0440: XSS
First published: Wed Feb 03 2010(Updated: )
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Desktop | <3.5 | |
| Cisco Adaptive Security Appliance Software | >=8.1<8.1\(2.7\) | |
| Cisco Adaptive Security Appliance Software | >=8.0<8.0\(5\) | |
| Cisco Adaptive Security Appliance Software | >=8.2<8.2\(1\) | |
| Cisco ASA 5500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/38397
- http://www.coresecurity.com/content/cisco-secure-desktop-xss
- http://www.securityfocus.com/bid/37960
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19843
- http://www.vupen.com/english/advisories/2010/0273
- http://www.securityfocus.com/archive/1/509290/100/0/threaded
- collector/nvd-historical
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco secure desktop
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.1
- version/cisco adaptive security appliance software/8.0
- version/cisco adaptive security appliance software/8.2
- canonical/cisco asa 5500