CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 4CVE-2014-9711
https://notcve.org/view.php?id=CVE-2014-9711
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. Múltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el parámetro col en la página de informes de resúmenes (2) nombres (Names) o (3) anónimos (Anonymous) (explorer_wse/explorer_anon.exe). • http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/109 http://seclists.org/fulldisclosure/2015/Mar/110 http://www.securityfocus.com/archive/1/534915/100/0/threaded http://www.securityfocus.com/archive/1/534917/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0347
https://notcve.org/view.php?id=CVE-2014-0347
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. El módulo de configuraciones en Websense Triton Unified Security Center 7.7.3 anterior a Hotfix 31, Web Filter 7.7.3 anterior a Hotfix 31, Web Security 7.7.3 anterior a Hotfix 31, Web Security Gateway 7.7.3 anterior a Hotfix 31 y Web Security Gateway Anywhere 7.7.3 anterior a Hotfix 31 permite a usuarios remotos autenticados leer contraseñas en texto claro mediante la sustitución type="password" con type="text" en un elemento INPUT en el componente (1) Log Database o (2) User Directories. • http://www.kb.cert.org/vuls/id/568252 https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0 • CWE-255: Credentials Management Errors •