HNS MAIN FEED
Saturday, 02:37 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities
06 November 2009
Websense Email Security and Personal Email Manager are email security applications. Both applications use the Websense Email Security Web Administrator tool for online administration. The applications are exposed to cross-site scripting vulnerabilities and a HTML injection issue which affects the email "subject" header when it is held in a queue. Websense Email Security versions earlier than 7.1 Hotfix 4 and Websense Personal Email Manager versions earlier than 7.1 Hotfix 4 are affected by this issue.
Ref: http://sotiriu.de/adv/NSOADV-2009-003.txt http://kb.websense.com/display/4n/kb/article.aspx?aid=4786&searchstring=&;n=&tab=browse&bt=4n&s=
09.44.75 - CVE: CVE-2009-3748
Platform: Web Application - Cross Site Scripting
Ref: http://sotiriu.de/adv/NSOADV-2009-003.txt http://kb.websense.com/display/4n/kb/article.aspx?aid=4786&searchstring=&;n=&tab=browse&bt=4n&s=
09.44.75 - CVE: CVE-2009-3748
Platform: Web Application - Cross Site Scripting