Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.

Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email.

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password.

The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering.

The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session.

The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size.

The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL.

Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.

The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.