Paweł Bednarz

**Name of the Vulnerable Software and Affected Versions** Tenable Security Center (affected versions not specified) **Description** A stored cross site scripting issue exists, allowing an authenticated, remote attacker to inject HTML code into a web application scan result page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenable Security Center (affected versions not specified) **Description** A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenable Nessus (affected versions not specified) **Description** A stored XSS issue exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, leading to the execution of remote arbitrary scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.