XSS in Oracle Secure Global Desktop Administration Console CVE-2018-19439 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

XSS in Oracle Secure Global Desktop Administration Console CVE-2018-19439 Scanner Detail

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Some Advice for Common Problems

You should update to latest version.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service