CVE-2015-2747

Published: Mar 26, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.

Affected (2)

Products: Websense: Triton, V Series Appliances

2 products

V Series Appliances

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Websense Triton	Version 7.8.3
Websense V Series Appliances	Version 7.7

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Mar/102

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/534908/100/0/threaded

Source: cve@mitre.org

https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-Forensics-Preview-XSS.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Mar/102

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/534908/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incident_forensics_preview_is_vulnerable_to_cross_site_scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.