Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco Secure Desktop translation参数跨站脚本漏洞
Vulnerability Description
Cisco Secure Desktop(CSD)可以通过加密降低远程用户注销或SSL VPN会话超时后Cookies、浏览器历史记录、临时文件和下载内容在系统上所遗留的风险。 Cisco Secure Desktop的+CSCOT+/translation中存在跨站脚本攻击漏洞。由于没有充分过滤写入脚本start.html的binary/mainv.js的eval语句,远程攻击者可以借助一个特制的POST请求参数,触发跨站脚本攻击,导致任意web脚本和HTML注入。
CVSS Information
N/A
Vulnerability Type
N/A