Websense Email Security vulnerable to persistent Cross-Site Scripting in
audit log details view
------------------------------
Han Sahin, September 2014
------------------------------
Abstract
------------------------------
Users of Websense Data Security that are reviewing DLP incidents can be
attacked via Cross-Site Scripting. This issue can be exploited using a
specially crafted email, or by sending a specially crafted HTTP request
through the Websense proxy. The attacker-supplied code can perform a
wide variety of attacks, such as stealing session tokens, login
credentials, performing arbitrary actions as victims, or logging
victims' keystrokes.
------------------------------
Tested versions
------------------------------
This issue was discovered on Websense Triton v7.8.3 and Websense
appliance modules V-Series v7.7. Other versions may be affected as well.
------------------------------
Fix
------------------------------
This issue is resolved in TRITON APX Version 8.0. More information about
the fixed can be found at the following location:
http://www.websense.com/suppor
------------------------------
Details
------------------------------
https://www.securify.nl/adviso
Komentarų nėra:
Rašyti komentarą