CVE-2019-3962
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the...
Tenable Nessus < 8.5.0 Multiple Vulnerabilities (TNS-2019-04)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.5.0. It is, therefore, affected by multiple vulnerabilities:
- A reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could...
CVE-2019-3962
CVE-2019-3962 affects Tenable Nessus pre-8.5.0. An authenticated, local attacker can induce a targeted user to view a malicious URL and trigger Nessus to send fraudulent messages, allowing arbitrary text to be injected into the feed status, persisting after session expiration. Mitigation: upgrade...