Vulnerability Details CVE-2014-7280
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/112728
- http://packetstormsecurity.com/files/128579/Nessus-Web-UI-2.3.3-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2014/Oct/26
- http://www.exploit-db.com/exploits/34929
- http://www.securityfocus.com/bid/70274
- http://www.tenable.com/security/tns-2014-08
- http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html
- http://osvdb.org/112728
- http://packetstormsecurity.com/files/128579/Nessus-Web-UI-2.3.3-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2014/Oct/26
- http://www.exploit-db.com/exploits/34929
- http://www.securityfocus.com/bid/70274
- http://www.tenable.com/security/tns-2014-08
- http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html