Websense Email Security Audit Log Persistent XSS Vulnerability

Key Information Vulnerability Description - Type: Persistent Cross-Site Scripting (XSS) - Affected Product: Websense Email Security - Affected Function: Audit Log Details View Impact - Victims: Websense Data Security users reviewing DLP (Data Loss Prevention) events - Attack Method: Exploited via specially crafted emails or HTTP requests, leveraging the Websense proxy to send malicious HTTP requests. Exploitation - Attack Technique: Injection of malicious JavaScript code through any part of an email. - Consequences: Enables various attacks, such as stealing session tokens, login credentials, performing arbitrary actions on behalf of the victim, or logging keystrokes. Tested Versions - Versions Tested: Websense Triton v7.8.3 and Websense appliance modules V-Series v7.7; other versions may also be affected. Remediation - Fixed Version: TRITON APX Version 8.0 - Remediation Details: See Support Page. Evidence and Details Screenshot Evidence: - Figure 1 shows the XSS vulnerability in an audit log entry. - Figure 2 demonstrates unsafe display of client data in message log type details (involving tag). Summary This vulnerability allows attackers to inject malicious scripts into the log details view of Websense Email Security, enabling attacks against users reviewing DLP events. It has been confirmed to affect Websense Triton v7.8.3 and V-Series v7.7, and has been resolved in TRITON APX Version 8.0.

Goal Reached Thanks to every supporter — we hit 100%!

Websense Email Security Audit Log Persistent XSS Vulnerability