CVE-2019-3962: Cross-site Scripting in Nessus

Severity: 3.3 LOW (NVD)
EPSS: 0.2% (top 54.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 1
Latest update: May 24

Description

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: tenable/nessus < 8.5.0
CVEListV5: tenable/nessus, All versions prior to 8.5.0

🔴 Vulnerability Details (2)

GHSA-6qcm-fw4g-v4h2 (GHSA, 2022-05-24): Content Injection vulnerability in Tenable Nessus prior to 8
CVE-2019-3962 (CVEList, 2019-07-01): Content Injection vulnerability in Tenable Nessus prior to 8