Description
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ruben Santamarta · text · webapps · asp
https://www.exploit-db.com/exploits/33959
References (7)
Core References
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/602801
Various Sources x_refsource_misc
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
Exploit x_refsource_misc
http://www.wintercore.com/downloads/rootedcon_0day.pdf
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511176/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39740
Patch, Vendor Advisory x_refsource_confirm
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39999
Scores
EPSS
0.0329
EPSS Percentile
87.3%
Details
CWE
CWE-79
Status
published
Products (3)
consona/consona_dynamic_agent
(3 CPE variants)
consona/consona_live_assistance
consona/consona_subscriber_assistance
Published
May 12, 2010
Tracked Since
Feb 18, 2026