CVE-2015-2747
https://notcve.org/view.php?id=CVE-2015-2747
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.

References:
http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html
http://seclists.org/fulldisclosure/2015/Mar/102
http://www.securityfocus.com/archive/1/534908/100/0/threaded
https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2746 – Websense Appliance Manager - Command Injection
https://notcve.org/view.php?id=CVE-2015-2746
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.

References:
https://www.exploit-db.com/exploits/36423
http://packetstormsecurity.com/files/130899/Websense-Appliance-Manager-Command-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/104
http://www.securityfocus.com/archive/1/534910/100/0/threaded
http://www.websense.com/support/article/kbarticle/October-2014-Hotfix-Summary-for-Websense-Solutions
https://www.securify.nl/advisory/SFY20140906/command_injection_vulnerability_in_network_diagnostics_tool_of_websense_appliance_manager.html

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')