CVE-2019-3923 — Cross-site Scripting in Nessus

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 59.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Nessus Tenable Nessus

Timeline

PublishedFeb 12

Latest updateMay 14

Description

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDtenable/nessus8.2.1

▶CVEListV5tenable/tenable_nessusAll versions prior to 8.2.2

🔴Vulnerability Details

GHSA

GHSA-x9wg-fm6f-f8w7: Nessus versions 8↗2022-05-14

▶

CVEList

CVE-2019-3923: Nessus versions 8↗2019-02-12

▶