Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

Medium Nessus Network Monitor Plugin ID 3760

Synopsis

The remote web server contains CGI scripts that are vulnerable to cross-site scripting attacks.

Description

The remote web server contains a CGI script used by Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms. According to the version reported in one of its scripts, the installed software fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user's browser, where it is evaluated within the security context of the affected web site.

Solution

Upgrade to version 4.20.983 or higher.

See Also

http://www.securityfocus.com/archive/1/446566/30/0/threaded

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1

Plugin Details

Severity: Medium

ID: 3760

File Name: 3760.prm

Family: Generic

Published: 2006/10/02

Modified: 2016/01/22

Dependencies: 3759

Nessus ID: 22495

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.5

Vector: CVSS3#AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:C

Reference Information

CVE: CVE-2006-4959, CVE-2006-4958

BID: 20135, 20276

OSVDB: 29219, 29220, 29221, 29222, 29223, 29224, 29225, 29226