|
|
| |
| Websense Enterprise and Websense Web Security Suite contain a vulnerability in the login page is susceptible to a cross site scripting (XSS) attack. |
| |
Credit:
The information has been provided by Liquidmatrix Security Digest.
The original article can be found at: http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/
|
| |
Vulnerable Systems:
* WebSense version 6.3
Technical Details:
Input passed to the "username" field of the login page is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Fix Information:
This issue has now been resolved.
The patch may be obtained from: http://www.websense.com (Hotfix #80)
Knowledge Base #1840: http://www.websense.com/SupportPortal/SupportKbs/1840.aspx
|
|
|
|
|
|
|
|
