Reflected XSS in Oracle Secure Global Desktop Administration Console via helpwindow.jsp

Reflected XSS in Oracle Secure Global Desktop Administration Console via helpwindow.jsp

CVE-2018-19439 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Learn more about our Cis Benchmark Audit For Desktop Software.