Cross-Site Scripting Vulnerability in Cisco Secure Desktop
CVE-2010-0440

Currently unrated

Key Information:

Vendor

Cisco
Status
Secure Desktop
Vendor
CVE Published:
3 February 2010

What is CVE-2010-0440?

The vulnerability exists in Cisco Secure Desktop, where a cross-site scripting (XSS) flaw is present in the +CSCOT+/translation component. This deficiency affects various versions, including 3.4.2048 and earlier iterations before 3.5. It is exploited through crafted POST parameters that are inadequately processed by an eval statement in the binary/mainv.js file, which subsequently directs output to start.html. If successfully exploited, this could permit remote attackers to execute arbitrary web scripts or HTML, posing risks to user sessions and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/37960
vdb-entryx_refsource_BID
http://secunia.com/advisories/38397
third-party-advisoryx_refsource_SECUNIA
http://www.coresecurity.com/content/cisco-secure-desktop-xss
x_refsource_MISC

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.