CVE-2018-1147

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
References
Link Resource
https://www.tenable.com/security/tns-2018-05 Vendor Advisory
http://www.securitytracker.com/id/1040918 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Information

Published : 2018-05-18 10:29

Updated : 2018-06-19 03:32


NVD link : CVE-2018-1147

Mitre link : CVE-2018-1147

Products Affected
No products.
CWE