CVE-2014-9711
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
Múltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el parámetro col en la página de informes de resúmenes (2) nombres (Names) o (3) anónimos (Anonymous) (explorer_wse/explorer_anon.exe).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-25 CVE Reserved
- 2015-03-25 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Mar/109 | Mailing List |
|
| http://seclists.org/fulldisclosure/2015/Mar/110 | Mailing List |
|
| http://www.securityfocus.com/archive/1/534915/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/534917/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Websense Search vendor "Websense" | Triton Ap Web Search vendor "Websense" for product "Triton Ap Web" | <= 7.8.3 Search vendor "Websense" for product "Triton Ap Web" and version " <= 7.8.3" | - |
Affected
| ||||||
| Websense Search vendor "Websense" | Triton Web Filter Search vendor "Websense" for product "Triton Web Filter" | <= 7.8.3 Search vendor "Websense" for product "Triton Web Filter" and version " <= 7.8.3" | - |
Affected
| ||||||
| Websense Search vendor "Websense" | Triton Web Security Search vendor "Websense" for product "Triton Web Security" | <= 7.8.3 Search vendor "Websense" for product "Triton Web Security" and version " <= 7.8.3" | - |
Affected
| ||||||
| Websense Search vendor "Websense" | Triton Web Security Gateway Search vendor "Websense" for product "Triton Web Security Gateway" | <= 7.8.3 Search vendor "Websense" for product "Triton Web Security Gateway" and version " <= 7.8.3" | - |
Affected
| ||||||
| Websense Search vendor "Websense" | Triton Web Security Gateway Anywhere Search vendor "Websense" for product "Triton Web Security Gateway Anywhere" | <= 7.8.3 Search vendor "Websense" for product "Triton Web Security Gateway Anywhere" and version " <= 7.8.3" | - |
Affected
| ||||||