Cross Site Scripting in Oracle Secure Global Desktop Administration Console

OWASP 2013-A3 OWASP 2013-A7 PCI v3.2- OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01

Oracle Secure Global Desktop 4.4 20080807152602 has an XSS vulnerability in the Administration Console (but was fixed in later versions including 5.4). As evidenced by the sgdadmin/faces/com sun web ui/help/helpwindow.jsp windowTitle parameter, helpwindow.jsp has mirrored XSS via all parameters.

Recommendations

We suggest that you update Oracle Secure Global Desktop in order to fix this vulnerability.

Latest Articles