Vulnerability Note VU#262352
Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities
The Sun Secure Global Desktop (SSGD) contains cross-site scripting vulnerabilities.
Sun Secure Global Desktop (formerly Tarantella) contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML code from user input, facilitating cross-site scripting attacks:
A remote attacker may be able to execute arbitrary script commands in the context of a victim user. Secondary impacts include: theft of cookie information, session hijacking, and loss of data privacy between a client and the intended server.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Sun Microsystems, Inc.||Affected||-||31 Oct 2006|
CVSS Metrics (Learn More)
This issue was reported by SUN in document 102650. Sun thanks Marc Ruef of scip AG for reporting this issue.
This document was written by Katie Steiner.
- CVE IDs: CVE-2006-4958
- Date Public: 21 Sep 2006
- Date First Published: 13 Dec 2006
- Date Last Updated: 20 Dec 2006
- Severity Metric: 13.50
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.