CVE-2024-0955

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 73.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Nessus

Timeline

PublishedFeb 7

Description

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5tenable/nessus< 10.7.0

▶NVDtenable/nessus< 10.7.0

🔴Vulnerability Details

GHSA

GHSA-6j46-c3h7-p829: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus p↗2024-02-07

▶

CVEList

Stored XSS vulnerability↗2024-02-06

▶