CVE-2018-19439
Summary
| CVE | CVE-2018-19439 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-13 19:29:00 UTC |
| Updated | 2019-01-07 16:37:00 UTC |
| Description | XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Secure Global Desktop | 4.4 | All | All | All |
| Application | Oracle | Secure Global Desktop | 4.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Secure Global Desktop CVE-2018-19439 Multiple Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Full Disclosure: CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602 | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.