Websense Web Reporting Tools contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'username' field when it is submitted on the logon page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Websense has released a patch to address this issue.
Vendor Specific News/Changelog Entry: http://www.websense.com/SupportPortal/SupportKbs/1840.aspx
Security Tracker: 1019066
Secunia Advisory ID: 28019
Other Advisory URL: http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/
ISS X-Force ID: 38936
FrSIRT Advisory: ADV-2007-4158
CVE-2007-6312
Bugtraq ID: 26793