Websense Enterprise 4/5 - Blocked Sites Cross-Site Scripting
| EKU-ID: 28858 | CVE: OSVDB-2901 | OSVDB-ID: |
| Author: Mr. P.Taylor | Published: 2003-12-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28858 | CVE: OSVDB-2901 | OSVDB-ID: |
| Author: Mr. P.Taylor | Published: 2003-12-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9149/info
Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that includes hostile HTML and script code. Exploitation could permit theft of cookie-based authentication credentials or other consequences.
http://[BlockedSite]?<SCRIPT>alert('hello')</SCRIPT>