Vulnerabilities > Websense
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-25 | CVE-2015-2702 | Cross-site Scripting vulnerability in Websense products Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. | 4.3 |
| 2015-03-25 | CVE-2014-9711 | Cross-site Scripting vulnerability in Websense products Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. | 4.3 |
| 2014-04-12 | CVE-2014-0347 | Credentials Management vulnerability in Websense products The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. | 3.5 |
| 2012-08-26 | CVE-2009-5132 | Denial-Of-Service vulnerability in Websense Web Filter The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL. | 5.0 |
| 2012-08-26 | CVE-2009-5131 | Permissions, Privileges, and Access Controls vulnerability in Websense Email Security 6.1/7.0 The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. | 5.0 |
| 2012-08-26 | CVE-2009-5130 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Websense Email Security 6.1/7.0 The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. | 4.3 |
| 2012-08-26 | CVE-2009-5129 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Websense V10000 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password. | 5.0 |
| 2012-08-26 | CVE-2009-5128 | Buffer Errors vulnerability in Websense V10000 1.0.0 The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering. | 5.0 |
| 2012-08-24 | CVE-2012-2984 | Cross-Site Scripting vulnerability in Websense Content Gateway 7.7 Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. | 4.3 |
| 2012-08-23 | CVE-2012-4605 | Information Exposure vulnerability in Websense Email Security The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | 5.0 |