Unrated severityNVD Advisory· Published May 12, 2010· Updated Apr 29, 2026

CVE-2010-1905

Description

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.

Affected products

Consona/Consona Dynamic Agent3 versions
cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*+ 2 more
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
Consona/Consona Live Assistance
cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*
Consona/Consona Subscriber Assistance
cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdfnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/602801nvdPatchUS Government Resource
www.securityfocus.com/bid/39999nvdExploit
www.wintercore.com/downloads/rootedcon_0day.pdfnvdExploit
secunia.com/advisories/39740nvdVendor Advisory
wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.htmlnvd
www.securityfocus.com/archive/1/511176/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000