← back
CVE-2010-0440

CVE-2010-0440

EPSS 4.4%
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/33567unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/38397http://tools.cisco.com/security/center/viewAlert.x?alertId=19843http://www.coresecurity.com/content/cisco-secure-desktop-xsshttp://www.securityfocus.com/archive/1/509290/100/0/threadedhttp://www.securityfocus.com/bid/37960http://www.vupen.com/english/advisories/2010/0273