CVE-2018-1147
N/A
N/A
Summary
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tenable | Tenable Nessus | All versions prior to 7.1.0 | affected |
Weaknesses
- CrossSite Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.