CVE-2017-2122
Published 2017-05-12
CVE-2017-2122: Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script…
Priority P422 · medium · 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.78% (51.1th percentile)
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable_network_security_inc | nessus | — | — |
| tenable_network_security_inc | nessus | — | — |
| tenable_network_security_inc | nessus | — | — |
| tenable_network_security_inc | nessus | — | — |
| tenable_network_security_inc | nessus | — | — |
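CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |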
No detection rules found.
No public exploits indexed.
Tenable
[R4] Nessus 6.9.3 Fixes Two Vulnerabilities
blogs_tenable·2017-01-03
Bugzilla
CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 wildmidi: Multiple vulnerabilities
bugzilla·2017-08-08·CVSS 7.5
CVE-2017-11661 [HIGH] CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 wildmidi: Multiple vulnerabilities
CVE-2017-11661
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11662
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11663
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11664
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and applicatio
Published: 2017-05-12