Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for triton_web_security_gateway by websense

    CVE-2014-9711 (GCVE-0-2014-9711)

    Vulnerability from nvd – Published: 2015-03-25 14:00 – Updated: 2024-08-06 13:55
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:55:04.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
              },
              {
                "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
              },
              {
                "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
              },
              {
                "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
              },
              {
                "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
            },
            {
              "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
            },
            {
              "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
            },
            {
              "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
            },
            {
              "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html",
                  "refsource": "MISC",
                  "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
                },
                {
                  "name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html",
                  "refsource": "MISC",
                  "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
                },
                {
                  "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
                },
                {
                  "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
                },
                {
                  "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
                },
                {
                  "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9711",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2015-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:55:04.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0347 (GCVE-0-2014-0347)

    Vulnerability from nvd – Published: 2014-04-12 01:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/568252 third-party-advisoryx_refsource_CERT-VN
    https://www.websense.com/content/mywebsense-hotfi… x_refsource_CONFIRM
    Date Public
    2014-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:10.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#568252",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/568252"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-12T01:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#568252",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/568252"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0347",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#568252",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/568252"
                },
                {
                  "name": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0",
                  "refsource": "CONFIRM",
                  "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0347",
        "datePublished": "2014-04-12T01:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:10.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9711 (GCVE-0-2014-9711)

    Vulnerability from cvelistv5 – Published: 2015-03-25 14:00 – Updated: 2024-08-06 13:55
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:55:04.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
              },
              {
                "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
              },
              {
                "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
              },
              {
                "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
              },
              {
                "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
            },
            {
              "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
            },
            {
              "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
            },
            {
              "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
            },
            {
              "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html",
                  "refsource": "MISC",
                  "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
                },
                {
                  "name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html",
                  "refsource": "MISC",
                  "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
                },
                {
                  "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Mar/109"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
                },
                {
                  "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Mar/110"
                },
                {
                  "name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions",
                  "refsource": "CONFIRM",
                  "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
                },
                {
                  "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
                },
                {
                  "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9711",
        "datePublished": "2015-03-25T14:00:00.000Z",
        "dateReserved": "2015-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:55:04.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0347 (GCVE-0-2014-0347)

    Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/568252 third-party-advisoryx_refsource_CERT-VN
    https://www.websense.com/content/mywebsense-hotfi… x_refsource_CONFIRM
    Date Public
    2014-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:10.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#568252",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/568252"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-12T01:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#568252",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/568252"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0347",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#568252",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/568252"
                },
                {
                  "name": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0",
                  "refsource": "CONFIRM",
                  "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0347",
        "datePublished": "2014-04-12T01:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:10.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }