CVE-2018-19439 – Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19439
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Oracle Secure Global Desktop Administration Console version 4.4 build 20080807152602 suffers from cross site scripting vulnerabilities.

• http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2018/Nov/58
• http://www.securityfocus.com/bid/106006
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')