AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2015-2702: Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL be

infovulnerability

security

Source: NVD/CVE DatabaseMarch 25, 2015CVE-2015-2702

Summary

A cross-site scripting vulnerability (XSS, a flaw where attackers inject malicious code into web pages) was found in the Message Log feature of Websense TRITON AP-EMAIL email security appliances. Attackers could exploit this by crafting a malicious email sender address, allowing them to inject arbitrary web scripts or HTML that would execute when someone views the message log. The vulnerability affected versions before 8.0.0 and V-Series 7.7 appliances.

Solution / Mitigation

Update to Websense TRITON AP-EMAIL version 8.0.0 or later, as referenced in the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.

Vulnerability Details

CVSS Score

4.3

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2015-2702

First tracked: February 15, 2026 at 08:45 PM

Classified by LLM (prompt v3) · confidence: 95%