Search criteria
6 vulnerabilities found for triton_web_security_gateway by websense
FKIE_CVE-2014-9711
Vulnerability from fkie_nvd - Published: 2015-03-25 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| websense | triton_ap_web | * | |
| websense | triton_web_filter | * | |
| websense | triton_web_security | * | |
| websense | triton_web_security_gateway | * | |
| websense | triton_web_security_gateway_anywhere | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:websense:triton_ap_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5078B495-2891-465E-BFA2-9A5C9EB8D557",
"versionEndIncluding": "7.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA2ABEB-3229-47D9-8261-564CC112B0C4",
"versionEndIncluding": "7.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79BB7648-75D8-4E40-9FE2-FC404B3A05F3",
"versionEndIncluding": "7.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AEDFA8-81D6-4387-AEEC-3FF313A6F84A",
"versionEndIncluding": "7.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security_gateway_anywhere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A238CA94-63D1-4F60-BBAE-F5A5554F0759",
"versionEndIncluding": "7.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en los informes investigativos en Websense TRITON AP-WEB anterior a 8.0.0 y Web Security and Filter, Web Security Gateway, y Web Security Gateway Anywhere 7.8.3 anterior a Hotfix 02 y 7.8.4 anterior a Hotfix 01 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s (1) del par\u00e1metro ReportName (Job Name) en el planificador de informes de Explorer (cgi-bin/WsCgiExplorerSchedule.exe) en la cola de tareas o el par\u00e1metro col en la p\u00e1gina de informes de res\u00famenes (2) nombres (Names) o (3) an\u00f3nimos (Anonymous) (explorer_wse/explorer_anon.exe)."
}
],
"id": "CVE-2014-9711",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-25T14:59:00.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0347
Vulnerability from fkie_nvd - Published: 2014-04-12 04:37 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| websense | triton_unified_security_center | 7.7.3 | |
| websense | triton_web_filter | 7.7.3 | |
| websense | triton_web_security | 7.7.3 | |
| websense | triton_web_security_gateway | 7.7.3 | |
| websense | triton_web_security_gateway_anywhere | 7.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:websense:triton_unified_security_center:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B2D76D-3739-477C-B8E6-0F3577762183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_filter:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57709FA3-016A-43D2-8004-1C43E1C20247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BADFCCD5-8F20-4AB0-9905-BC0ED3F52A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security_gateway:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825ED95D-1CCA-4C4E-8946-A01C664B16B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websense:triton_web_security_gateway_anywhere:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BEB357-9E85-4E6E-A567-A2B7C2363BE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
},
{
"lang": "es",
"value": "El m\u00f3dulo de configuraciones en Websense Triton Unified Security Center 7.7.3 anterior a Hotfix 31, Web Filter 7.7.3 anterior a Hotfix 31, Web Security 7.7.3 anterior a Hotfix 31, Web Security Gateway 7.7.3 anterior a Hotfix 31 y Web Security Gateway Anywhere 7.7.3 anterior a Hotfix 31 permite a usuarios remotos autenticados leer contrase\u00f1as en texto claro mediante la sustituci\u00f3n type=\"password\" con type=\"text\" en un elemento INPUT en el componente (1) Log Database o (2) User Directories."
}
],
"id": "CVE-2014-0347",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-12T04:37:31.377",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"source": "cret@cert.org",
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-9711 (GCVE-0-2014-9711)
Vulnerability from cvelistv5 – Published: 2015-03-25 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9711",
"datePublished": "2015-03-25T14:00:00",
"dateReserved": "2015-03-25T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0347 (GCVE-0-2014-0347)
Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2024-08-06 09:13
VLAI?
Summary
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:10.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#568252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-12T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#568252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#568252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"name": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0",
"refsource": "CONFIRM",
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0347",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:10.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9711 (GCVE-0-2014-9711)
Vulnerability from nvd – Published: 2015-03-25 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
},
{
"name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
},
{
"name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/109"
},
{
"name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html"
},
{
"name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/110"
},
{
"name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions"
},
{
"name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
},
{
"name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9711",
"datePublished": "2015-03-25T14:00:00",
"dateReserved": "2015-03-25T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0347 (GCVE-0-2014-0347)
Vulnerability from nvd – Published: 2014-04-12 01:00 – Updated: 2024-08-06 09:13
VLAI?
Summary
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:13:10.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#568252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-12T01:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#568252",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#568252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"name": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0",
"refsource": "CONFIRM",
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-0347",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T09:13:10.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}