A vulnerability has been found in Cisco's Secure Desktop that leaves it open to cross-site scripting (XSS) attacks.

"Affected versions of Cisco Secure Desktop mishandle some browser requests therein making end users vulnerable to targeted online attacks that seek to exploit the XSS vulnerability that is created by the malfunction," according to Help Net Security. "Cross-Site scripting threats can be used to do everything from stealing IT systems log-in credentials to tricking people into visiting fraudulent phishing and malware-distribution sites."

"Cisco issued an update to Secure Desktop that addresses the vulnerability (CSCsw15646) on Feb. 1, 2010," the article states.

Click here to read the article at Help Net Security.