Websense Triton Report Management Interface Cross Site Scripting Vulnerability
BID:51085
Info
| Bugtraq ID: | 51085 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2011 12:00AM |
| Updated: | May 02 2012 06:41AM |
| Credit: | Ben Williams of NGS Secure |
| Vulnerable: | Websense Web Security Gateway Anywhere 7.6; Websense Web Security Gateway 7.6; Websense Web Security 7.6; Websense Web Filter 7.6 |
| Not Vulnerable: | |
Discussion
Websense Triton is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue affects the following applications:
Websense Web Security Gateway Anywhere v7.6
Websense Web Security Gateway v7.6
Websense Web Security v7.6
Websense Web Filter v7.6
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References:
- Websense (Triton 7.6) Cross Site Scripting (Ben Williams)
- Websense Homepage (Websense)
- NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report man (NGS Secure)