CVE-2018-1142 — Cross-site Scripting in Appliance

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 47.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Appliance Tenable Appliance

Timeline

PublishedMar 28

Latest updateMay 14

Description

Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDtenable/appliance4.6.1

▶CVEListV5tenable/tenable_applianceTenable Appliance versions

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-9qrj-ww3w-jxgp: Tenable Appliance versions 4↗2022-05-14

▶

CVEList

CVE-2018-1142: Tenable Appliance versions 4↗2018-03-28

▶