CVE-2018-1155: Cross-site Scripting in SecurityCenter

Severity: 5.4 MEDIUM (NVD)
EPSS: 0.3% (top 47.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 2
Latest update: May 14

Description

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: tenable/securitycenter, all versions prior to 5.7.0

Patches

Vulnerability Details (2)

GHSA: GHSA-hq5r-7qq4-ph65: In SecurityCenter versions prior to 5 (2022-05-14)
CVEList: CVE-2018-1155: In SecurityCenter versions prior to 5 (2018-08-02)
CVE-2018-1155 — Cross-site Scripting in Securitycenter | cvebase