CVE-2010-1905 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance Dynamic Agent and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.

Reference

http://secunia.com/advisories/39740 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf http://www.kb.cert.org/vuls/id/602801 http://www.securityfocus.com/archive/1/511176/100/0/threaded http://www.securityfocus.com/bid/39999 http://www.wintercore.com/downloads/rootedcon_0day.pdf Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance Dynamic Agent and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.