VYPR
Unrated severityNVD Advisory· Published Feb 3, 2010· Updated Jun 16, 2026

CVE-2010-0440

CVE-2010-0440

Description

Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*range: >=8.1,<8.1\(2.7\)
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*range: >=8.0,<8.0\(5\)
    • (no CPE)range: <8.2(1)
  • cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*range: <3.5
    • (no CPE)range: <3.5

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.