Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-9711
Last Modified: 26 Mar 2015 01:35:07
Published: 25 Mar 2015 10:59:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9711

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.

Vulnerable Systems

Application

  • Websense Triton Ap Web 7.8.3

  • Websense Triton Web Filter 7.8.3

  • Websense Triton Web Security 7.8.3

  • Websense Triton Web Security Gateway 7.8.3

  • Websense Triton Web Security Gateway Anywhere 7.8.3


References

MISC - https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html

MISC - https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html

CONFIRM - http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

CONFIRM - http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions

CONFIRM - http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions

BUGTRAQ - 20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler

BUGTRAQ - 20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting

MISC - http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html

MISC - http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:08:13