CVE-2018-19439

MEDIUM NUCLEI

Oracle Secure Global Desktop <5.4 - XSS

Title source: llm

Description

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Nuclei Templates (1)

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

MEDIUMby madrobot,dwisiswant0

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Nov/58

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106006

Scores

CVSS v3 6.1

EPSS 0.3887

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

oracle/secure_global_desktop 4.4

Published Dec 13, 2018

Tracked Since Feb 18, 2026