JVN#87760109: Nessus vulnerable to cross-site scripting

2017-05-09T00:00:00
ID JVN:87760109
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-05-09T00:00:00

Description

## Description

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CVE-2017-2122).
An authenticated user may store crafted contents to Nessus.

According to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was found and fixed in Nessus 6.9.3 as well as the issue of CVE-2017-2122.
For more information, please see the developer's advisory.

## Impact

An arbitrary JavaScript may be executed on the logged in user's web browser.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Nessus 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2