Exploitation Summary
CVE-2018-19439 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
Nuclei Templates (1)
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
MEDIUM, by madrobot, dwisiswant0
References (3)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106006
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Nov/58
Scores
CVSS v3: 6.1
EPSS: 0.2054
EPSS Percentile: 97.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): oracle/secure_global_desktop 4.4
Published: Dec 13, 2018
Tracked Since: Feb 18, 2026