CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2761
https://notcve.org/view.php?id=CVE-2015-2761
Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en las páginas de excepciones y excepciones de escaneo en Websense TRITON AP-WEB anterior a 8.0.0 permite a atacantes remotos inyectar cuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/73414 http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2015-2747
https://notcve.org/view.php?id=CVE-2015-2747
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. Múltiples vulnerabilidades de XSS en la previsualización del análisis forense de incidentes de Data Loss Prevention (DLP) en Websense Triton 7.8.3 y las aplicaciones de la serie V 7.7 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una solicitud (1) email o (2) HTTP manipulada que provoca una política DLP. • http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html http://seclists.org/fulldisclosure/2015/Mar/102 http://www.securityfocus.com/archive/1/534908/100/0/threaded https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 6%CPEs: 2EXPL: 3CVE-2015-2746 – Websense Appliance Manager - Command Injection
https://notcve.org/view.php?id=CVE-2015-2746
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. La herramienta de la diagnóstica de la red (CommandLineServlet) la utilidad de líneas de comandos (CLU) de Appliance Manager en Websense TRITON 7.8.3 y las aplicaciones de la serie V anterior a 7.8.4 Hotfix 02 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro 'second' de un comando, tal y como fue demostrado por el parámetro Destination en el comando ping. • https://www.exploit-db.com/exploits/36423 http://packetstormsecurity.com/files/130899/Websense-Appliance-Manager-Command-Injection.html http://seclists.org/fulldisclosure/2015/Mar/104 http://www.securityfocus.com/archive/1/534910/100/0/threaded http://www.websense.com/support/article/kbarticle/October-2014-Hotfix-Summary-for-Websense-Solutions https://www.securify.nl/advisory/SFY20140906/command_injection_vulnerability_in_network_diagnostics_tool_of_websense_appliance_manager.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2CVE-2015-2748
https://notcve.org/view.php?id=CVE-2015-2748
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. Websense TRITON AP-WEB anterior a 8.0.0 no restringe correctamente el acceso a ficheros en explorer_wse/, lo que permite a atacantes remotos obtener información sensible a través de una solicitud directa a (1) un informe de incidentes de Web Security o (2) el fichero de configuración de Explorer (websense.ini). • http://packetstormsecurity.com/files/130901/Websense-Explorer-Missing-Access-Control.html http://seclists.org/fulldisclosure/2015/Mar/107 http://www.securityfocus.com/archive/1/534913/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140909/missing_access_control_on_websense_explorer_web_folder.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 4CVE-2014-9711
https://notcve.org/view.php?id=CVE-2014-9711
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. Múltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el parámetro col en la página de informes de resúmenes (2) nombres (Names) o (3) anónimos (Anonymous) (explorer_wse/explorer_anon.exe). • http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/109 http://seclists.org/fulldisclosure/2015/Mar/110 http://www.securityfocus.com/archive/1/534915/100/0/threaded http://www.securityfocus.com/archive/1/534917/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •