Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-8503

SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker to create and upload an .audit file, that may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.

Source

SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker to create and upload an .audit file, that may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

[R3] SecurityCenter .audit File Upload Stored XSS

Synopsis

Solution

Vulmon Search

About

Products

Connect