CVE-2015-2702
Published 2015-03-25
Priority: P4 · 18 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.10% (79.4th percentile)
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.4 | 40.0+build4-0ubuntu0.14.04.4 |
| websense | triton_ap_data | <= 7.8.3 | — |
| websense | triton_ap_email | <= 7.8.3 | — |
| websense | triton_ap_web | <= 7.8.3 | — |
| websense | v-series_appliances | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 10.0 CRITICAL
GHSA
ghsa_unreviewed·2022-05-14
CVE-2015-2702 [MEDIUM] CWE-79 GHSA-98vw-3fg8-6q23: Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8
OSV
firefox regression
osv·2015-08-20·CVSS 10.0
USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users
in the US reported that their default search engine switched to Yahoo.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were
OSV
ubufox update
osv·2015-08-11·CVSS 10.0
USN-2702-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubufox.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130898/Websense-Email-Security-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Mar/103
http://www.securityfocus.com/archive/1/534909/100/0/threaded
http://www.securityfocus.com/bid/73345
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://www.securify.nl/advisory/SFY20140905/websense_email_security_vulnerable_to_persistent_cross_site_scripting_in_audit_log_details_view.html
Published: 2015-03-25