CVE-2015-2703

Name of the Vulnerable Software and Affected Versions Websense TRITON AP-WEB versions prior to 8.0.0 Websense V-Series appliances version 7.7

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the ws-userip in the ws-encdata parameter to "cve-bin/moreBlockInfo.cgi" in the Data Security block page or the admin msg parameter to "configure/ssl ui/eva-config/client-cert-import wsoem.html" in the Content Gateway. The vulnerability arises because the parameters are not properly handled in an error message.

Recommendations For Websense TRITON AP-WEB versions prior to 8.0.0, update to version 8.0.0 or later. For Websense V-Series appliances version 7.7, update to a version later than 7.7. As a temporary workaround, consider restricting access to the "cve-bin/moreBlockInfo.cgi" and "configure/ssl ui/eva-config/client-cert-import wsoem.html" pages to minimize the risk of exploitation. Avoid using the ws-userip and admin msg parameters in the affected API endpoints until the issue is resolved.