Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-19439 — Cross-site Scripting in Oracle Secure Global Desktop

Severity: 6.1 MEDIUM (NVD)
EPSS: 38.9% (top 2.73%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 13; Latest update May 14

Description

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-j5mj-gj9w-rjq6: XSS exists in the Administration Console in Oracle Secure Global Desktop 4 (2022-05-14)
CVEList: CVE-2018-19439: XSS exists in the Administration Console in Oracle Secure Global Desktop 4 (2018-12-13)

💥 Exploits & PoCs (1)

Nuclei: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting