CVE-2007-6312
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
Affected configurations
References
secunia.com/advisories/28019
securityreason.com/securityalert/3432
www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/
www.securityfocus.com/archive/1/484824/100/0/threaded
www.securityfocus.com/bid/26793
www.securitytracker.com/id?1019066
www.vupen.com/english/advisories/2007/4158
www.websense.com/SupportPortal/SupportKbs/1840.aspx
exchange.xforce.ibmcloud.com/vulnerabilities/38936
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%