CVE-2024-1891 — Cross-site Scripting in Security Center

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.2%

top 56.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Security Center

Timeline

PublishedJun 12

Description

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5tenable/security_center< 6.4.0

▶NVDtenable/security_center< 6.4.0

🔴Vulnerability Details

GHSA

GHSA-r796-crfr-hhr5: A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a we↗2024-06-12

▶

CVEList

Stored Cross Site Scripting↗2024-06-12

▶