Websense Enterprise 4/5 Blocked Sites Cross-Site Scripting Vulnerability

2003-12-03T00:00:00
ID EDB-ID:23411
Type exploitdb
Reporter Mr. P.Taylor
Modified 2003-12-03T00:00:00

Description

Websense Enterprise 4/5 Blocked Sites Cross-Site Scripting Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/9149/info

Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that includes hostile HTML and script code. Exploitation could permit theft of cookie-based authentication credentials or other consequences. 

http://[BlockedSite]?<SCRIPT>alert('hello')</SCRIPT>