CVE-2018-1147

Name of the Vulnerable Software and Affected Versions Nessus versions prior to 7.1.0

Description A security issue exists due to improper input validation, allowing for the execution of arbitrary script code in a user's browser session. This can be achieved by a remote authenticated attacker creating and uploading a .nessus file that may be viewed by an administrator. Additionally, altering variables from the Advanced Settings can also lead to this issue.

Recommendations For versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Settings and limiting the ability to upload .nessus files to trusted users only. Avoid altering variables from the Advanced Settings until the issue is resolved.