CVE-2018-19439
Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
Existe Cross-Site Scripting (XSS) en la consola de administración en Oracle Secure Global Desktop 4.4 20080807152602 (pero se solucionó en las versiones anteriores, incluyendo la 5.4). helpwindow.jsp tiene Cross-Site Scripting (XSS) reflejado mediante todos los parámetros, tal y como queda demostrado con el parámetro windowTitle en sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp.
Oracle Secure Global Desktop Administration Console version 4.4 build 20080807152602 suffers from cross site scripting vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-22 CVE Reserved
- 2018-11-22 CVE Published
- 2024-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106006 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Secure Global Desktop Search vendor "Oracle" for product "Secure Global Desktop" | 4.4 Search vendor "Oracle" for product "Secure Global Desktop" and version "4.4" | - |
Affected
| ||||||