Websense Triton 'favorites.exe' HTML Injection Vulnerability
BID:51088
Info
| Bugtraq ID: | 51088 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2011 12:00AM |
| Updated: | May 02 2012 07:41AM |
| Credit: | Ben Williams of NGS Secure |
| Vulnerable: | Websense Web Security Gateway Anywhere 7.6; Websense Web Security Gateway 7.6; Websense Web Security 7.6; Websense Web Filter 7.6 |
| Not Vulnerable: | |
Discussion
Websense Triton is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
The following applications are vulnerable:
Websense Web Security Gateway Anywhere 7.6
Websense Web Security Gateway 7.6
Websense Web Security 7.6
Websense Web Filter 7.6
Exploit / POC
Attackers can use a browser to exploit this issue.
The following proof of concept is available:
Solution / Fix
Solution:
Updates are available; please see the references for more information.
References
References:
- Websense Homepage (Websense)
- websense Hotfix (websense)
- NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report manage (Research@NGSSecure [email protected])