VAR-201503-0416

Vulnerability from variot - Updated: 2023-12-18 13:44

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. TRITON AP-WEB provides real-time protection against advanced threats and data theft for local and remote users; Web Security and Filter (Web security and filtering) prevents network attacks and reduces malware infections. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.

Multiple Cross-Site Scripting vulnerabilities in Websense Reporting


Han Sahin, September 2014


Abstract

It has been found that Websense Reporting is affected by multiple Cross-Site Scripting issues. Cross-Site Scripting allows an attacker to perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.


Tested versions

This issue was discovered on Websense Triton v7.8.3 and Websense appliance modules V-Series v7.7. Other versions may be affected as well.


Fix

Websense released hotfix 02 for Websense Triton v7.8.4 in which this issue is fixed. More information about this hotfix can be found at the following location: http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions

This issue is resolved in TRITON APX Version 8.0. More information about the fix can be found at the following location: http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0


Details

https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html

One example of a vulnerable request parameter is col. Its value is copied into the value of an HTML tag attribute, encapsulated in double quotation marks. The value is echoed unmodified (without output encoding) in the application's response. This vulnerability can be reproduced using the following steps:

  • log in to the Admin GUI;
  • open the proof of concept below;
  • hover over 'Risk Class' in the left corner.

https://<target>:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f&delAdmin=0&startDate=2014-07-31&endDate=2014-08-01

An attacker must trick victims into opening the attacker's specially crafted link. This is possible, for example, by sending a victim a link in an email or instant message. Once a victim opens the specially crafted link, arbitrary client-side scripting code will be executed in the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.
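
An added example (not part of the advisory or the vendor's code) contrasting the unencoded attribute echo described above with attribute-context output encoding, and checking what an HTML parser sees in each case. The `<td data-col=...>` template, its single-quote delimiter (chosen to match the %27 characters in the proof of concept), the function names and the `col` allowlist are assumptions; the host is a placeholder.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Query string from the advisory's proof of concept; the host is a placeholder.
POC_URL = (
    "https://target.example:9443/explorer_wse/explorer_anon.exe"
    "?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f"
    "&delAdmin=0&startDate=2014-07-31&endDate=2014-08-01"
)

# Hypothetical allowlist: a column identifier is assumed to be short and
# alphanumeric. The product's real set of valid values is not on the page.
COL_ALLOWED = re.compile(r"[A-Za-z0-9_]{1,32}")


def col_from_url(url):
    """Return the URL-decoded col parameter, as the CGI would receive it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["col"][0]


def is_valid_col(col):
    """Input validation as defence in depth; encoding is still required."""
    return COL_ALLOWED.fullmatch(col) is not None


def render_unencoded(col, quote="'"):
    """Flawed pattern: the value is echoed into the attribute as-is."""
    return f"<td data-col={quote}{col}{quote}>Risk Class</td>"


def render_encoded(col, quote="'"):
    """Corrected pattern: encode &, <, >, \" and ' before writing the attribute."""
    return f"<td data-col={quote}{html.escape(col, quote=True)}{quote}>Risk Class</td>"


class AttrCollector(HTMLParser):
    """Record the attributes a parser sees on the first <td> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "td" and self.attrs is None:
            self.attrs = attrs


def td_attributes(markup):
    """Parse markup and return the (name, value) pairs of the first <td>."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    col = col_from_url(POC_URL)
    print("decoded col      :", col)
    print("passes allowlist :", is_valid_col(col))
    # Unencoded: the quote in the value closes the attribute early, so the
    # parser reports an extra event-handler attribute on the element.
    print("unencoded attrs  :", td_attributes(render_unencoded(col)))
    # Encoded: one attribute whose value is the original string, as data.
    print("encoded attrs    :", td_attributes(render_encoded(col)))
    print("encoded (dquote) :", td_attributes(render_encoded(col, quote='"')))
```

Because `html.escape(..., quote=True)` encodes both quote characters, the encoded form holds whichever delimiter the template uses.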


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0416",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "triton web filter",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security gateway anywhere",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton ap web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "websense triton ap-web",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "8.0.0"
      },
      {
        "model": "websense web filter",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.3 thats all  7.8.3 hotfix 02"
      },
      {
        "model": "websense web filter",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.4 thats all  7.8.4 hotfix 01"
      },
      {
        "model": "websense web security",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.3 thats all  7.8.3 hotfix 02"
      },
      {
        "model": "websense web security",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.4 thats all  7.8.4 hotfix 01"
      },
      {
        "model": "websense web security gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.3 thats all  7.8.3 hotfix 02"
      },
      {
        "model": "websense web security gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.4 thats all  7.8.4 hotfix 01"
      },
      {
        "model": "websense web security gateway anywhere",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.3 thats all  7.8.3 hotfix 02"
      },
      {
        "model": "websense web security gateway anywhere",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "web sense",
        "version": "7.8.4 thats all  7.8.4 hotfix 01"
      },
      {
        "model": "triton web filter",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton ap web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security gateway anywhere",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "triton web security gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "websense",
        "version": "7.8.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:websense:triton_web_security_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:websense:triton_web_security_gateway_anywhere:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:websense:triton_web_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:websense:triton_web_filter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:websense:triton_ap_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Han Sahin",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130905"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2014-9711",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-9711",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-77656",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9711",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-557",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-77656",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. TRITON AP-WEB provides real-time protection against advanced threats and data theft for local and remote users; Web Security and Filter (Web security and filtering) prevents network attacks and reduces malware infections. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. ------------------------------------------------------------------------\nMultiple Cross-Site Scripting vulnerabilities in Websense Reporting\n------------------------------------------------------------------------\nHan Sahin, September 2014\n\n------------------------------------------------------------------------\nAbstract\n------------------------------------------------------------------------\nIt has been found that Websense Reporting is affected by multiple\nCross-Site Scripting issues. Cross-Site Scripting allows an attacker to\nperform a wide variety of actions, such as stealing the victim\u0027s session\ntoken or login credentials, performing arbitrary actions on the victim\u0027s\nbehalf, and logging their keystrokes. \n\n------------------------------------------------------------------------\nTested versions\n------------------------------------------------------------------------\nThis issue was discovered on Websense Triton v7.8.3 and Websense\nappliance modules V-Series v7.7. Other versions may be affected as well. 
\n\n------------------------------------------------------------------------\nFix\n------------------------------------------------------------------------\nWebsense released hotfix 02 for Websense Triton v7.8.4 in which this\nissue is fixed. More information about this hotfix can be found at the\nfollowing location:\nhttp://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions\n\nThis issue is resolved in TRITON APX Version 8.0. More information about\nthe fixed can be found at the following location:\nhttp://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0\n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html\n\nOne example of a vulnerable request parameter is the col. Its value is copied into the value of an HTML tag attribute; encapsulated in double quotation marks. The value echoed unmodified (without output encoding) in the application\u0027s response. This vulnerability can be reproduced using the following steps:\n\n- login into Admin GUI;\n- open the proof of concept below;\n- hover over \u0027Risk Class\u0027 in left corner. \n\nhttps://\u003ctarget\u003e:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f\u0026delAdmin=0\u0026startDate=2014-07-31\u0026endDate=2014-08-01\n\nAn attacker must trick victims into opening the attacker\u0027s specially crafted link. This is for example possible by sending a victim a link in an email or instant message. Once a victim opens the specially crafted link, arbitrary client-side scripting code will be executed in the victim\u0027s browser. 
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim\u0027s session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "PACKETSTORM",
        "id": "130905"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9711",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "130905",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "130903",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-77656",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130905"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "id": "VAR-201503-0416",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:44:20.708000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vulnerabilities resolved in TRITON APX Version 8.0",
        "trust": 0.8,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "title": "v7.8.3: About Hotfix 02 for Web Security Solutions",
        "trust": 0.8,
        "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-about-hotfix-02-for-web-security-solutions"
      },
      {
        "title": "v7.8.4: About Hotfix 01 for Web Security Solutions",
        "trust": 0.8,
        "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-about-hotfix-01-for-web-security-solutions"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.8,
        "url": "https://www.securify.nl/advisory/sfy20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-about-hotfix-02-for-web-security-solutions"
      },
      {
        "trust": 1.7,
        "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-about-hotfix-01-for-web-security-solutions"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2015/mar/109"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2015/mar/110"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/130903/websense-explorer-report-scheduler-cross-site-scripting.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/130905/websense-reporting-cross-site-scripting.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.securify.nl/advisory/sfy20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9711"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9711"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/534917/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/534915/100/0/threaded"
      },
      {
        "trust": 0.1,
        "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-about-hotfix-02-for-web-security-solutions"
      },
      {
        "trust": 0.1,
        "url": "https://\u003ctarget\u003e:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f\u0026deladmin=0\u0026startdate=2014-07-31\u0026enddate=2014-08-01"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130905"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130905"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "date": "2015-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "date": "2015-03-19T05:43:17",
        "db": "PACKETSTORM",
        "id": "130905"
      },
      {
        "date": "2015-03-25T14:59:00.063000",
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "date": "2015-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77656"
      },
      {
        "date": "2015-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      },
      {
        "date": "2018-10-09T19:55:11.637000",
        "db": "NVD",
        "id": "CVE-2014-9711"
      },
      {
        "date": "2015-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Websense Cross-site scripting vulnerability in product research reports",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001938"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130905"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-557"
      }
    ],
    "trust": 0.7
  }
}

