CVE-2020-5737 — Cross-site Scripting in Tenable.sc

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 54.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Tenable.sc

Timeline

PublishedApr 17

Latest updateMay 24

Description

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5tenable/tenable.sc< 5.14.0

▶NVDtenable/tenable.sc5.14.0, 5.14.1+1

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-g5v9-3hmq-xg2r: Stored XSS in Tenable↗2022-05-24

▶

CVEList

CVE-2020-5737: Stored XSS in Tenable↗2020-04-17

▶