Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

Medium

Synopsis

The remote web server contains CGI scripts that are vulnerable to cross-site scripting attacks.

Description

The remote web server contains a CGI script used by Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms. According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user's browser, where it is evaluated within the security context of the affected web site.

Solution

Upgrade to version 4.20.983 or higher.