Vulnerability Details CVE-2015-2747
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html
- http://seclists.org/fulldisclosure/2015/Mar/102
- http://www.securityfocus.com/archive/1/534908/100/0/threaded
- https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html
- http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html
- http://seclists.org/fulldisclosure/2015/Mar/102
- http://www.securityfocus.com/archive/1/534908/100/0/threaded
- https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html
Products affected by CVE-2015-2747
-
cpe:2.3:a:websense:triton:7.8.3
-
cpe:2.3:a:websense:v-series_appliances:7.7