1. Home
  2. CVE Database
  3. CVE-2010-1905
MEDIUM · 4.3

CVE-2010-1905

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input...

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
ConsonaConsona Live AssistanceAll versions
ConsonaConsona Dynamic Agent-
ConsonaConsona Subscriber AssistanceAll versions

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2010-1905?

CVE-2010-1905 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input...

How severe is CVE-2010-1905?

CVE-2010-1905 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1905?

Check the references section above for vendor advisories and patch information. Affected products include: Consona Consona Live Assistance, Consona Consona Dynamic Agent, Consona Consona Subscriber Assistance.