[R3] Tenable Nessus Web UI Reflected XSS

Related Vulnerabilities: CVE-2010-2914  

Synopsis

Nessus contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the Web GUI (nessusd_www_server.nbin) does not validate unspecified input to a GET parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
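An added illustration of the flaw class described above (example code, not Tenable's and not the code of nessusd_www_server.nbin): a handler that reflects a GET parameter into HTML verbatim, beside the hardened form that HTML-encodes it for the element-content context. The endpoint and parameter name ("/search", "q") are hypothetical.

```python
"""Reflected XSS: unencoded GET parameter vs. HTML-encoded output.
Hypothetical endpoint; the vulnerable and fixed handlers differ only in the
output-encoding step, which is the defect described in the advisory."""
from html import escape
from urllib.parse import parse_qs, urlsplit


def _param_q(url: str) -> str:
    """Extract the (URL-decoded) value of the 'q' query parameter."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def reflect_unsafe(url: str) -> str:
    """Vulnerable pattern: the parameter value is concatenated into the
    response body without any validation or output encoding, so markup
    supplied in the request is returned as live HTML."""
    return f"<p>Results for: {_param_q(url)}</p>"


def reflect_safe(url: str) -> str:
    """Hardened form: encode for the HTML element-content context before
    reflecting. (Attribute, JavaScript and URL contexts need their own
    encoders; html.escape alone is only correct for text content.)"""
    return f"<p>Results for: {escape(_param_q(url), quote=True)}</p>"


def contains_active_markup(page: str) -> bool:
    """Check used by the test: does the reflected portion of the response
    still contain raw angle brackets, i.e. markup the template did not emit?"""
    prefix, suffix = "<p>Results for: ", "</p>"
    body = page[len(prefix):-len(suffix)]
    return "<" in body or ">" in body


# Constructed request: a benign script tag as the reflected value.
PROBE = "http://scanner.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    print("unsafe :", reflect_unsafe(PROBE))
    print("safe   :", reflect_safe(PROBE))
```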

Solution

Tenable has updated Nessus to address this issue. Please see the instructions below:

Tenable has released version 1.2.4 of the Web GUI for all supported operating systems and architectures.

By default, Nessus updates the plugins once every day. Users do not need to do anything to receive the update.