Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.

1) An error within the authentication mechanism in the report management interface can be exploited to bypass the authentication mechanism by manipulating certain cookies.

2) Input passed via the "dTitle" parameter to explorer_wse/detail.exe in the report management web interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Certain input passed to explorer_wse/ws_irpt.exe is not properly verified before being used. This can be exploited to inject and execute arbitrary shell commands.

4) Input passed via the "favName" parameter to explorer_wse/favorites.exe is not properly sanitised in the report management web interface before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerabilities are reported in the following products:
* Websense Web Security Gateway version 7.6
* Websense Web Security version 7.6
* Websense Web Filter version 7.6

Solution
Apply Hotfix 12 for version 7.6.2 or Hotfix 24 for version 7.6.0.

Provided and/or discovered by
Ben Williams, NGS Secure.

Changelog
Further details available to Secunia VIM customers

Original Advisory
NGS Secure:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0227.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0228.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0229.html
http://archives.neohapsis.com/archives/bugtraq/2012-04/0230.html

Deep Links
Links available to Secunia VIM customers