PT-2018-10588 · Tenable · Nessus
Published
2018-05-18
·
Updated
2018-06-19
·
CVE-2018-1147
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nessus versions prior to 7.1.0
Description
A security issue exists due to improper input validation, allowing for the execution of arbitrary script code in a user's browser session. This can be achieved by a remote authenticated attacker creating and uploading a .nessus file that may be viewed by an administrator. Additionally, altering variables from the Advanced Settings can also lead to this issue.
Recommendations
For versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Settings and limiting the ability to upload .nessus files to trusted users only. Avoid altering variables from the Advanced Settings until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nessus