CVE-2010-0440

Name: CVE-2010-0440
Creator: NVD / NIST
Published: 2010-02-03T18:30:00.813+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.36%

Last modified Jun 16, 2026

CVE-2010-0440 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.. EPSS estimates a 4.36% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.

Metrics

EPSS Probability

4.36%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Cisco	Secure Desktop	< 3.5
Cisco	Adaptive Security Appliance Software	>= 8.1, < 8.1\(2.7\)
Cisco	Adaptive Security Appliance Software	>= 8.0, < 8.0\(5\)
Cisco	Adaptive Security Appliance Software	>= 8.2, < 8.2\(1\)

References

http://secunia.com/advisories/38397Third Party Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843Patch, Vendor Advisory
http://www.coresecurity.com/content/cisco-secure-desktop-xssExploit, Third Party Advisory
http://www.securityfocus.com/archive/1/509290/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/37960Exploit, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2010/0273Third Party Advisory
http://secunia.com/advisories/38397Third Party Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843Patch, Vendor Advisory
http://www.coresecurity.com/content/cisco-secure-desktop-xssExploit, Third Party Advisory
http://www.securityfocus.com/archive/1/509290/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/37960Exploit, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2010/0273Third Party Advisory

Timeline

Published: Feb 3, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0440?

How severe is CVE-2010-0440?

Severity scoring for CVE-2010-0440 is pending analysis. The EPSS model estimates a 4.36% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0440?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0440?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST