Lucene search

[email protected]NVD:CVE-2014-7280

HistoryOct 21, 2014 - 3:55 p.m.

CVE-2014-7280

2014-10-2115:55:07

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.

Affected configurations

NVD

Node

tenableweb_uiRange≤2.3.3

References

osvdb.org/112728

packetstormsecurity.com/files/128579/Nessus-Web-UI-2.3.3-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Oct/26

www.exploit-db.com/exploits/34929

www.securityfocus.com/bid/70274

www.tenable.com/security/tns-2014-08

www.thesecurityfactory.be/permalink/nessus-stored-xss.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for NVD:CVE-2014-7280

cve1 seebug1 exploitpack1 nessus1 zdt1 prion1 packetstorm1 cvelist1 exploitdb1