Vulnerability CVE-2018-1155


Published: 2018-08-02

Description:
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Tenable -> Securitycenter 

 References:
http://www.securitytracker.com/id/1041431
https://www.tenable.com/security/tns-2018-11

Copyright 2024, cxsecurity.com

 

Back to Top