CVE-2010-0440
Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de un parámetro POST manipulado, el cual no es correctamente gestionado por una declaración eval en binary/mainv.js que escribe start.html.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-26 First Exploit
- 2010-01-27 CVE Reserved
- 2010-02-02 CVE Published
- 2024-05-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/38397 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/509290/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2010/0273 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33567 | 2010-01-26 | |
| http://www.coresecurity.com/content/cisco-secure-desktop-xss | 2024-08-07 | |
| http://www.securityfocus.com/bid/37960 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 | 2023-08-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 8.1 < 8.1\(2.7\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 8.1 < 8.1\(2.7\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 8.0 < 8.0\(5\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 8.0 < 8.0\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | >= 8.2 < 8.2\(1\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 8.2 < 8.2\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | < 3.5 Search vendor "Cisco" for product "Secure Desktop" and version " < 3.5" | - |
Affected
| ||||||