CVE-2018-19439: CVE-2018-19439

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-19439

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Secure Global Desktop Administration Console 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Secure Global Desktop（SGD）是美国甲骨文（Oracle）公司的一款桌面虚拟化产品。用户可通过该产品访问服务器托管的应用程序和桌面。Administration Console是其中的一个管理控制台程序。 Oracle SGD 4.4版本中的Administration Console的helpwindow.jsp页面存在跨站脚本漏洞。远程攻击者可利用该漏洞在用户的浏览器中执行任意脚本代码，进而窃取基于cookie的身份验证凭证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-19439

#	POC Description	Source Link	Shenlong Link
1	Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-19439.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-19439

Please Login to view more intelligence information

http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.htmlx_refsource_MISC
http://www.securityfocus.com/bid/106006vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Nov/58mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2018-19439

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2018-19439

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2018-19439

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-19439

III. Intelligence Information for CVE-2018-19439

New Vulnerabilities

V. Comments for CVE-2018-19439

Leave a comment