CVE Vulnerability

CVE-2007-6312

Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/ Patch
http://www.websense.com/SupportPortal/SupportKbs/1840.aspx Patch
http://www.securityfocus.com/bid/26793
http://www.securitytracker.com/id?1019066
http://secunia.com/advisories/28019
http://securityreason.com/securityalert/3432
http://www.vupen.com/english/advisories/2007/4158
https://exchange.xforce.ibmcloud.com/vulnerabilities/38936
http://www.securityfocus.com/archive/1/484824/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:websense:enterpise:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:websense:web_security_suite:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:websense:web_security_suite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:reporting_tools:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:websense:enterpise:6.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:reporting_tools:6.3:*:*:*:*:*:*:*
Information

Published : 2007-12-11 09:46

Updated : 2018-10-15 09:51

NVD link : CVE-2007-6312

Mitre link : CVE-2007-6312

Products Affected
No products.
CWE
CWE-79