{"vuid":"VU#262352","idnumber":"262352","name":"Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities","keywords":["Sun","Secure Global Desktop","SSGD","xss","cross-site scripting","ttaarchives.cgi","ttaAuthentication.jsp","ttalicense.cgi","ttawlogin.cgi","ttawebtop.cgi","ttaabout.cgi","test-cgi"],"overview":"The Sun Secure Global Desktop (SSGD) contains cross-site scripting vulnerabilities.","clean_desc":"Sun Secure Global Desktop (formerly Tarantella) contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML code from user input, facilitating cross-site scripting attacks: taarchives.cgi\nttaAuthentication.jsp\nttalicense.cgi\nttawlogin.cgi\nttawebtop.cgi\nttaabout.cgi\ntest-cgi Sun states that this issue affects Sun Secure Global Desktop Software 4.2 prior to build 4.20.983 for Solaris 8 and 9 on the SPARC platform, Solaris 10 on the SPARC and x86 platforms, and the Linux platform.","impact":"A remote attacker may be able to execute arbitrary script commands in the context of a victim user. Secondary impacts include: theft of cookie information, session hijacking, and loss of data privacy between a client and the intended server.","resolution":"Apply an update Sun has addressed this vulnerability in the latest build of Sun Secure Global Desktop.","workarounds":"","sysaffected":"","thanks":"This issue was reported by SUN in document \n102650\n. Sun thanks Marc Ruef of scip AG for reporting this issue.","author":"This document was written by Katie Steiner.","public":["http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1","http://www.securityfocus.com/bid/20135","http://www.securityfocus.com/bid/20276","http://www.frsirt.com/english/advisories/2006/3739","http://securitytracker.com/id?1016900","http://secunia.com/advisories/22037","http://xforce.iss.net/xforce/xfdb/29070","http://xforce.iss.net/xforce/xfdb/29303"],"cveids":["CVE-2006-4958"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-30T14:31:39Z","publicdate":"2006-09-21T00:00:00Z","datefirstpublished":"2006-12-13T20:11:17Z","dateupdated":"2006-12-20T15:38:17Z","revision":14,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"13.5","cam_scorecurrentwidelyknown":"16.875","cam_scorecurrentwidelyknownexploited":"30.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.5,"vulnote":null}