Cross-Site Scripting Vulnerability in Cisco Secure Desktop
CVE-2010-0440
Currently unrated
Summary
Cisco Secure Desktop contains a cross-site scripting (XSS) vulnerability in the +CSCOT+/translation component. It affects multiple versions, including 3.4.2048 and earlier releases before 3.5. Crafted POST parameters are not properly handled by an eval statement in the binary/mainv.js file, which then writes its output to start.html. Successful exploitation could allow remote attackers to execute arbitrary web script or HTML, putting user sessions and data integrity at risk.
References
EPSS Score
35% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved