// For flags

CVE-2014-9711

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.

Múltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el parámetro col en la página de informes de resúmenes (2) nombres (Names) o (3) anónimos (Anonymous) (explorer_wse/explorer_anon.exe).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-25 CVE Reserved
  • 2015-03-25 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-11-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Websense
Search vendor "Websense"
Triton Ap Web
Search vendor "Websense" for product "Triton Ap Web"
<= 7.8.3
Search vendor "Websense" for product "Triton Ap Web" and version " <= 7.8.3"
-
Affected
Websense
Search vendor "Websense"
Triton Web Filter
Search vendor "Websense" for product "Triton Web Filter"
<= 7.8.3
Search vendor "Websense" for product "Triton Web Filter" and version " <= 7.8.3"
-
Affected
Websense
Search vendor "Websense"
Triton Web Security
Search vendor "Websense" for product "Triton Web Security"
<= 7.8.3
Search vendor "Websense" for product "Triton Web Security" and version " <= 7.8.3"
-
Affected
Websense
Search vendor "Websense"
Triton Web Security Gateway
Search vendor "Websense" for product "Triton Web Security Gateway"
<= 7.8.3
Search vendor "Websense" for product "Triton Web Security Gateway" and version " <= 7.8.3"
-
Affected
Websense
Search vendor "Websense"
Triton Web Security Gateway Anywhere
Search vendor "Websense" for product "Triton Web Security Gateway Anywhere"
<= 7.8.3
Search vendor "Websense" for product "Triton Web Security Gateway Anywhere" and version " <= 7.8.3"
-
Affected