2 matches found
CVE-2014-7280
The CVE-2014-7280 issue corresponds to a stored cross-site scripting (XSS) vulnerability in Nessus Web UI. Affected product: Nessus Web UI 2.3.3 (Build #83) prior to 2.3.4 (Build #85). Root cause: improper validation of input passed from plugins, allowing a remote attacker to inject script via th...
CVE-2014-4980
The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...