Websense Explorer’s report scheduler suffers from a cross site scripting vulnerability.