In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user’s browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
[
{
"product": "Tenable Nessus",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "All versions prior to 7.1.0"
}
]
}
]