
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 6

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. Nessus Web UI version 2.3.3 suffers from a persistent cross-site scripting vulnerability.

• https://www.exploit-db.com/exploits/34929
• http://osvdb.org/112728
• http://packetstormsecurity.com/files/128579/Nessus-Web-UI-2.3.3-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2014/Oct/26
• http://www.exploit-db.com/exploits/34929
• http://www.securityfocus.com/bid/70274
• http://www.tenable.com/security/tns-2014-08
• http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 1

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering.

• http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.html
• http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui
• http://www.osvdb.org/109376
• http://www.securityfocus.com/archive/1/532839/100/0/threaded
• http://www.securityfocus.com/bid/68782
• http://www.securitytracker.com/id/1030614
• http://www.tenable.com/security/tns-2014-05

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor