{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"}, {"tags": ["x_refsource_MISC"], "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"}, {"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/109"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"}, {"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/110"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"}, {"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"}, {"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9711", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html", "refsource": "MISC", "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"}, {"name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "refsource": "CONFIRM", "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"}, {"name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html", "refsource": "MISC", "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"}, {"name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions", "refsource": "CONFIRM", "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"}, {"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/109"}, {"name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"}, {"name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"}, {"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/110"}, {"name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions", "refsource": "CONFIRM", "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"}, {"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"}, {"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9711", "datePublished": "2015-03-25T14:00:00", "dateReserved": "2015-03-25T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:websense:triton_ap_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "5078B495-2891-465E-BFA2-9A5C9EB8D557", "versionEndIncluding": "7.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:websense:triton_web_filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BA2ABEB-3229-47D9-8261-564CC112B0C4", "versionEndIncluding": "7.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:websense:triton_web_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "79BB7648-75D8-4E40-9FE2-FC404B3A05F3", "versionEndIncluding": "7.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:websense:triton_web_security_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3AEDFA8-81D6-4387-AEEC-3FF313A6F84A", "versionEndIncluding": "7.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:websense:triton_web_security_gateway_anywhere:*:*:*:*:*:*:*:*", "matchCriteriaId": "A238CA94-63D1-4F60-BBAE-F5A5554F0759", "versionEndIncluding": "7.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s (1) del par\u00e1metro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el par\u00e1metro col en la p\u00e1gina de informes de res\u00famenes (2) nombres (Names) o (3) an\u00f3nimos (Anonymous) (explorer_wse/explorer_anon.exe)."}], "id": "CVE-2014-9711", "lastModified": "2018-10-09T19:55:11.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-03-25T14:59:00.063", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2015/Mar/109"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2015/Mar/110"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}