Tenable Nessus was found to be impacted by two authenticated stored cross-site scripting (XSS) issues. The first was via a report from Asif Balasinor, covered a reflected XSS issue that was deemed to have no risk as it could only be triggered by the authenticated user. While evaluating that report the director of the Nessus development team, Nicolas Pouvesle, discovered a different stored XSS issue. Both of these have been fixed, but only the stored XSS posed a risk. Tenable thanks Asif Balasinor for his report and prompting us to look further. (CVE-2017-5179) The second, a stored XSS issue that requires authentication was reported to JVN/JPCERT by Toshitsugu Yoneyama. (CVE-2017-2122) Please note that Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.