Oracle Secure Global Desktop 4.4 20080807152602 has an XSS vulnerability in the Administration Console (but was fixed in later versions including 5.4). As evidenced by the sgdadmin/faces/com
sun web ui/help/helpwindow.jsp
windowTitle parameter, helpwindow.jsp
has mirrored XSS via all parameters.
We suggest that you update Oracle Secure Global Desktop in order to fix this vulnerability.