Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Nessus by Tenable, Inc.

    JVNDB-2018-000052

    Vulnerability from jvndb - Published: 2018-05-21 13:39 - Updated:2018-08-30 13:47
    Severity
    Summary
    Nessus vulnerable to cross-site scripting
    Details
    Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000052.html",
      "dc:date": "2018-08-30T13:47+09:00",
      "dcterms:issued": "2018-05-21T13:39+09:00",
      "dcterms:modified": "2018-08-30T13:47+09:00",
      "description": "Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000052.html",
      "sec:cpe": {
        "#text": "cpe:/a:tenable:nessus",
        "@product": "Nessus",
        "@vendor": "Tenable, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000052",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN96954395/index.html",
          "@id": "JVN#96954395",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1147",
          "@id": "CVE-2018-1147",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1147",
          "@id": "CVE-2018-1147",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Nessus vulnerable to cross-site scripting"
    }

    JVNDB-2017-000082

    Vulnerability from jvndb - Published: 2017-05-09 13:52 - Updated:2017-11-27 16:55
    Severity
    Summary
    Nessus vulnerable to cross-site scripting
    Details
    Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CWE-79) (CVE-2017-2122). An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was found and fixed in Nessus 6.9.3 as well as the issue of CVE-2017-2122. For more information, please see the developer's advisory. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability (CVE-2017-2122) to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000082.html",
      "dc:date": "2017-11-27T16:55+09:00",
      "dcterms:issued": "2017-05-09T13:52+09:00",
      "dcterms:modified": "2017-11-27T16:55+09:00",
      "description": "Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CWE-79) (CVE-2017-2122).\r\nAn authenticated user may store crafted contents to Nessus.\r\n\r\nAccording to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was found and fixed in Nessus 6.9.3 as well as the issue of CVE-2017-2122.\r\nFor more information, please see the developer\u0027s advisory.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability (CVE-2017-2122) to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000082.html",
      "sec:cpe": {
        "#text": "cpe:/a:tenable:nessus",
        "@product": "Nessus",
        "@vendor": "Tenable, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000082",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN87760109/index.html",
          "@id": "JVN#87760109",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2122",
          "@id": "CVE-2017-2122",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2122",
          "@id": "CVE-2017-2122",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Nessus vulnerable to cross-site scripting"
    }

    JVNDB-2017-000013

    Vulnerability from jvndb - Published: 2017-01-24 13:38 - Updated:2017-02-20 17:44
    Severity
    Summary
    Nessus vulnerable to cross-site scripting
    Details
    Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html",
      "dc:date": "2017-02-20T17:44+09:00",
      "dcterms:issued": "2017-01-24T13:38+09:00",
      "dcterms:modified": "2017-02-20T17:44+09:00",
      "description": "Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files.\r\n\r\nNoriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html",
      "sec:cpe": {
        "#text": "cpe:/a:tenable:nessus",
        "@product": "Nessus",
        "@vendor": "Tenable, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000013",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN12796388/index.html",
          "@id": "JVN#12796388",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9260",
          "@id": "CVE-2016-9260",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9260",
          "@id": "CVE-2016-9260",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Nessus vulnerable to cross-site scripting"
    }

    JVNDB-2007-000548

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Nessus report function vulnerable to arbitrary script execution
    Details
    Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000548.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Nessus scanning report in HTML format contains the target server\u0027s responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user\u0027s web browser when the user views the report.\r\n\r\nNessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server\u0027s responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user\u0027s web browser when the user views the report.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000548.html",
      "sec:cpe": {
        "#text": "cpe:/a:tenable:nessus",
        "@product": "Nessus",
        "@vendor": "Tenable, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000548",
      "sec:references": {
        "#text": "http://jvn.jp/en/jp/JVN34058672/index.html",
        "@id": "JVN#34058672",
        "@source": "JVN"
      },
      "title": "Nessus report function vulnerable to arbitrary script execution"
    }