Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
secunia.com/advisories/39740
wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
www.kb.cert.org/vuls/id/602801
www.securityfocus.com/archive/1/511176/100/0/threaded
www.securityfocus.com/bid/39999
www.wintercore.com/downloads/rootedcon_0day.pdf