CVE-2017-2122 — Cross-site Scripting in Network Security INC Nessus

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 41.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Network Security INC Nessus Tenable Nessus

Timeline

PublishedMay 12

Latest updateMay 17

Description

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDtenable/nessus5 versions+4

▶CVEListV5tenable_network_security_inc/nessus5 versions+4

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-hcx5-5vj5-h7x2: Cross-site scripting vulnerability in Nessus versions 6↗2022-05-17

▶

CVEList

CVE-2017-2122: Cross-site scripting vulnerability in Nessus versions 6↗2017-05-12

▶

💬Community

Bugzilla

CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 wildmidi: Multiple vulnerabilities↗2017-08-08

▶