In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1040918 | Third Party Advisory VDB Entry |
https://www.tenable.com/security/tns-2018-05 | Vendor Advisory |
http://www.securitytracker.com/id/1040918 | Third Party Advisory VDB Entry |
https://www.tenable.com/security/tns-2018-05 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securitytracker.com/id/1040918 - Third Party Advisory, VDB Entry | |
References | () https://www.tenable.com/security/tns-2018-05 - Vendor Advisory |
Information
Published : 2018-05-18 22:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1147
Mitre link : CVE-2018-1147
CVE.ORG link : CVE-2018-1147
JSON object : View
Products Affected
tenable
- nessus
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')