Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS
Medium Nessus Network Monitor Plugin ID 3760
Synopsis: The remote web server contains CGI scripts that are vulnerable to cross-site scripting attacks.

Description: The remote web server contains a CGI script used by Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms. According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user's browser to be evaluated within the security context of the affected web site.

Solution: Upgrade to version 4.20.983 or higher.