Unrated severityNVD Advisory· Published Mar 25, 2015· Updated May 6, 2026
CVE-2014-9711
CVE-2014-9711
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.htmlnvdExploit
- packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.htmlnvdExploit
- www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.htmlnvdExploit
- www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.htmlnvdExploit
- www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0nvdVendor Advisory
- www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-SolutionsnvdVendor Advisory
- www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-SolutionsnvdVendor Advisory
- seclists.org/fulldisclosure/2015/Mar/109nvd
- seclists.org/fulldisclosure/2015/Mar/110nvd
- www.securityfocus.com/archive/1/534915/100/0/threadednvd
- www.securityfocus.com/archive/1/534917/100/0/threadednvd
News mentions
0No linked articles in our index yet.