关于 CVE-2010-0440 的漏洞信息

1. 漏洞描述
From NVD
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
From 神龙GPT (AIGC)
跨站点脚本(XSS)漏洞在+CSCOT+/在Cisco Secure Desktop 3.4.2048和其他版本之前3.5;在Cisco ASA设备8.2(1)8.1(2.7)和8.0(5)之前使用;允许远程攻击者通过构造的POST参数注入任意的Web脚本或HTML,而start.html的二进制/mainv.js中的 eval 语句未能正确处理。
2. 漏洞评分(CVSS)
From NVD
NVD 暂无评分
From 神龙GPT (AIGC)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3. 漏洞类别
From NVD
NVD 暂无漏洞类别信息
From 神龙GPT (AIGC)
神龙GPT 暂无漏洞类别信息(请耐心等待)
Reference