CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2764
https://notcve.org/view.php?id=CVE-2015-2764
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. Múltiples vulnerabilidades de XSS en Websense TRITON AP-DATA anterior a 8.0.0 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados en el catálogo de informes de DSS (1) Mobile o (2) DLP. • http://www.securityfocus.com/bid/73424 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2CVE-2015-2748
https://notcve.org/view.php?id=CVE-2015-2748
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. Websense TRITON AP-WEB anterior a 8.0.0 no restringe correctamente el acceso a ficheros en explorer_wse/, lo que permite a atacantes remotos obtener información sensible a través de una solicitud directa a (1) un informe de incidentes de Web Security o (2) el fichero de configuración de Explorer (websense.ini). • http://packetstormsecurity.com/files/130901/Websense-Explorer-Missing-Access-Control.html http://seclists.org/fulldisclosure/2015/Mar/107 http://www.securityfocus.com/archive/1/534913/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140909/missing_access_control_on_websense_explorer_web_folder.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2015-2702
https://notcve.org/view.php?id=CVE-2015-2702
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. Vulnerabilidad de XSS en el registro de mensajes en el componente Email Security Gateway en Websense TRITON AP-EMAIL anterior a 8.0.0 y las aplicaciones de la serie V 7.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de la dirección de envío en un email. • http://packetstormsecurity.com/files/130898/Websense-Email-Security-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/103 http://www.securityfocus.com/archive/1/534909/100/0/threaded http://www.securityfocus.com/bid/73345 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140905/websense_email_security_vulnerable_to_persistent_cross_site_scripting_in_audit_log_details_view.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •