CVE-2010-1905

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
consonaconsona_live_assistance
*
consonaconsona_dynamic_agent
-
consonaconsona_dynamic_agent
-
consonaconsona_dynamic_agent
-
consonaconsona_subscriber_assistance
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/39740
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.securityfocus.com/bid/39999
http://www.wintercore.com/downloads/rootedcon_0day.pdf
http://secunia.com/advisories/39740
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.securityfocus.com/bid/39999
http://www.wintercore.com/downloads/rootedcon_0day.pdf