Vulnerabilities related to Tenable, Inc. - Nessus
jvndb-2018-000052
Vulnerability from jvndb
Published
2018-05-21 13:39
Modified
2018-08-30 13:47
Summary
Nessus vulnerable to cross-site scripting
Details
Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Tenable, Inc. Nessus


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000052.html",
  "dc:date": "2018-08-30T13:47+09:00",
  "dcterms:issued": "2018-05-21T13:39+09:00",
  "dcterms:modified": "2018-08-30T13:47+09:00",
  "description": "Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000052.html",
  "sec:cpe": {
    "#text": "cpe:/a:tenable:nessus",
    "@product": "Nessus",
    "@vendor": "Tenable, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000052",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN96954395/index.html",
      "@id": "JVN#96954395",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1147",
      "@id": "CVE-2018-1147",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1147",
      "@id": "CVE-2018-1147",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Nessus vulnerable to cross-site scripting"
}

jvndb-2017-000082
Vulnerability from jvndb
Published
2017-05-09 13:52
Modified
2017-11-27 16:55
Summary
Nessus vulnerable to cross-site scripting
Details
Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CWE-79) (CVE-2017-2122). An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was found and fixed in Nessus 6.9.3 as well as the issue of CVE-2017-2122. For more information, please see the developer's advisory. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability (CVE-2017-2122) to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Tenable, Inc. Nessus


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000082.html",
  "dc:date": "2017-11-27T16:55+09:00",
  "dcterms:issued": "2017-05-09T13:52+09:00",
  "dcterms:modified": "2017-11-27T16:55+09:00",
  "description": "Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CWE-79) (CVE-2017-2122).\r\nAn authenticated user may store crafted contents to Nessus.\r\n\r\nAccording to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was found and fixed in Nessus 6.9.3 as well as the issue of CVE-2017-2122.\r\nFor more information, please see the developer\u0027s advisory.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability (CVE-2017-2122) to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000082.html",
  "sec:cpe": {
    "#text": "cpe:/a:tenable:nessus",
    "@product": "Nessus",
    "@vendor": "Tenable, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000082",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN87760109/index.html",
      "@id": "JVN#87760109",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2122",
      "@id": "CVE-2017-2122",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2122",
      "@id": "CVE-2017-2122",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Nessus vulnerable to cross-site scripting"
}

jvndb-2017-000013
Vulnerability from jvndb
Published
2017-01-24 13:38
Modified
2017-02-20 17:44
Summary
Nessus vulnerable to cross-site scripting
Details
Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Tenable, Inc. Nessus


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html",
  "dc:date": "2017-02-20T17:44+09:00",
  "dcterms:issued": "2017-01-24T13:38+09:00",
  "dcterms:modified": "2017-02-20T17:44+09:00",
  "description": "Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files.\r\n\r\nNoriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html",
  "sec:cpe": {
    "#text": "cpe:/a:tenable:nessus",
    "@product": "Nessus",
    "@vendor": "Tenable, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000013",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN12796388/index.html",
      "@id": "JVN#12796388",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9260",
      "@id": "CVE-2016-9260",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9260",
      "@id": "CVE-2016-9260",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Nessus vulnerable to cross-site scripting"
}

jvndb-2007-000548
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Nessus report function vulnerable to arbitrary script execution
Details
Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The HTML report contains the target server's responses to Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report.
Impacted products
Tenable, Inc. Nessus


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000548.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Nessus scanning report in HTML format contains the target server\u0027s responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user\u0027s web browser when the user views the report.\r\n\r\nNessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server\u0027s responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user\u0027s web browser when the user views the report.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000548.html",
  "sec:cpe": {
    "#text": "cpe:/a:tenable:nessus",
    "@product": "Nessus",
    "@vendor": "Tenable, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.7",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000548",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN34058672/index.html",
    "@id": "JVN#34058672",
    "@source": "JVN"
  },
  "title": "Nessus report function vulnerable to arbitrary script execution"
}