CVE-2015-8503

Vulnerability Summary

SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated malicious user to create and upload an .audit file that, if viewed by an administrator, allows the execution of arbitrary script code in that user's browser session, within the trust relationship between their browser and the server. Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable.

Vendor Advisories

SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker to create and upload an audit file that may be viewed by an administ ...