Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

Medium severity, Nessus Plugin ID 22495

Synopsis

The remote web server contains CGI scripts that are vulnerable to cross-site scripting attacks.

Description

Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms, is installed on the remote web server.

According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user's browser to be evaluated within the security context of the affected website.

Solution

Upgrade to Sun Secure Global Desktop version 4.20.983 or later.

See Also

https://www.securityfocus.com/archive/1/446566/30/0/threaded

http://www.nessus.org/u?1d074268

Plugin Details

Severity: Medium

ID: 22495

File Name: sgd_4_2_983.nasl

Version: 1.25

Type: remote

Published: 10/3/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:sun:secure_global_desktop

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/21/2006

Reference Information

CVE: CVE-2006-4958, CVE-2006-4959

BID: 20135, 20276

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990