Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6312

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6312
Last Modified 07 Mar 2011 10:02:22
Published 11 Dec 2007 04:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6312

Summary

Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.

Vulnerable Systems

Application

  • Websense Enterpise 6.3

  • Websense Enterpise 6.3.1

  • Websense Reporting Tools 6.3

  • Websense Reporting Tools 6.3.1

  • Websense Web Security Suite 6.3

  • Websense Web Security Suite 6.3.1


References

CONFIRM - http://www.websense.com/SupportPortal/SupportKbs/1840.aspx

BUGTRAQ - 20071210 Advisory: Websense XSS Vulnerability

MISC - http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/

VUPEN - ADV-2007-4158

BID - 26793

XF - websenseenterprise-logon-page-xss(38936)

SECTRACK - 1019066

SREASON - 3432

SECUNIA - 28019


Last Updated: 27 May 2016 10:46:27