Han Sahin, September 2014
It was discovered that the error messages of Websense Content Gateway
process user-controllable data insecurely, rendering these pages
vulnerable to Cross-Site Scripting. Cross-Site Scripting allows an
attacker to perform a wide variety of actions, such as stealing the
victim's session token or login credentials, performing arbitrary
actions on the victim's behalf, and logging their keystrokes.
This issue was discovered on Websense Triton v7.8.3 and Websense
appliance modules V-Series v7.7. Other versions may be affected as well.
This issue is resolved in TRITON APX Version 8.0. More information about
the fixed can be found at the following location:
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0