Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1147 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings. | |||||
| CVE-2018-1141 | 1 Tenable | 1 Nessus | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | |||||
| CVE-2017-18214 | 2 Momentjs, Tenable | 2 Moment, Nessus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | |||||
| CVE-2016-1000029 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | |||||
| CVE-2016-1000028 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). | |||||