Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websense | Triton | 7.8.3 |
| Websense | V-Series Appliances | 7.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-
- http://seclists.org/fulldisclosure/2015/Mar/102
- http://www.securityfocus.com/archive/1/534908/100/0/threaded
- https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incidentExploit
- http://packetstormsecurity.com/files/130897/Websense-Data-Security-DLP-Incident-
- http://seclists.org/fulldisclosure/2015/Mar/102
- http://www.securityfocus.com/archive/1/534908/100/0/threaded
- https://www.securify.nl/advisory/SFY20140904/websense_data_security_dlp_incidentExploit
FAQ
What is CVE-2015-2747?
CVE-2015-2747 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject a...
How severe is CVE-2015-2747?
CVE-2015-2747 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2747?
Check the references section above for vendor advisories and patch information. Affected products include: Websense Triton, Websense V-Series Appliances.