CVE-2018-1155: XSS
First published: Thu Aug 02 2018(Updated: )
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable SecurityCenter | <5.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1155?
CVE-2018-1155 is a cross-site scripting (XSS) vulnerability in SecurityCenter versions prior to 5.7.0.
How does CVE-2018-1155 vulnerability affect Tenable SecurityCenter?
The vulnerability affects Tenable SecurityCenter versions prior to 5.7.0.
What is the severity of CVE-2018-1155 vulnerability?
The severity of CVE-2018-1155 vulnerability is medium with a CVSS score of 5.4.
How can an attacker exploit CVE-2018-1155 vulnerability?
An authenticated attacker can exploit the vulnerability by injecting malicious JavaScript code into the Reports feature's image filename parameter.
Has Tenable released a fix for CVE-2018-1155 vulnerability?
Yes, Tenable has implemented updated input validation techniques in SecurityCenter version 5.7.0 to fix the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/tenable
- canonical/tenable securitycenter