CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
References
Link Resource
https://www.tenable.com/security/tns-2018-11 Patch Vendor Advisory
http://www.securitytracker.com/id/1041431 VDB Entry Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:*

Information

Published : 2018-08-02 07:29

Updated : 2018-10-03 06:04


NVD link : CVE-2018-1155

Mitre link : CVE-2018-1155

Products Affected
CWE