GCVE - cpe:2.3:a:websense:triton_ap_web:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:websense:triton_ap_web:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Websense (`189e1e28-a0ba-57a1-bac2-d762ced7857c`)
Product	Triton Ap Web (`028e1d92-f701-5d79-8e1f-7c029a563f12`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-2762`	vulnerable	2026-06-03 14:34:47.786502	Details available Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. Published: 2015-03-27T14:00:00.000Z Updated: 2024-08-06T05:24:38.934Z Open on db.gcve.eu Reference links http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www.securityfocus.com/bid/73412	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2761`	vulnerable	2026-06-03 14:34:47.786249	Details available Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2015-03-27T14:00:00.000Z Updated: 2024-08-06T05:24:38.749Z Open on db.gcve.eu Reference links http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www.securityfocus.com/bid/73414	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2748`	vulnerable	2026-06-03 14:34:47.703588	Details available Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. Published: 2015-03-26T14:00:00.000Z Updated: 2024-08-06T05:24:38.460Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/130901/Websense-Explorer-Missing-Access-Control.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www.securityfocus.com/archive/1/534913/100/0/threaded https://www.securify.nl/advisory/SFY20140909/missing_access_control_on_websense_explorer_web_folder.html http://seclists.org/fulldisclosure/2015/Mar/107	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2703`	vulnerable	2026-06-03 14:34:47.600649	Details available Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message. Published: 2015-03-25T14:00:00.000Z Updated: 2024-08-06T05:24:38.553Z Open on db.gcve.eu Reference links https://www.securify.nl/advisory/SFY20140910/cross_site_scripting_vulnerability_in_websense_data_security_block_page.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://seclists.org/fulldisclosure/2015/Mar/106 http://seclists.org/fulldisclosure/2015/Mar/108 http://www.securityfocus.com/archive/1/534914/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2702`	vulnerable	2026-06-03 14:34:47.599064	Details available Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. Published: 2015-03-25T14:00:00.000Z Updated: 2024-08-06T05:24:38.643Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/534909/100/0/threaded http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www.securityfocus.com/bid/73345 http://seclists.org/fulldisclosure/2015/Mar/103 http://packetstormsecurity.com/files/130898/Websense-Email-Security-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-9711`	vulnerable	2026-06-03 14:34:28.085810	Details available Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. Published: 2015-03-25T14:00:00.000Z Updated: 2024-08-06T13:55:04.205Z Open on db.gcve.eu Reference links https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions http://seclists.org/fulldisclosure/2015/Mar/109	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.