CVE-2019-3962: XSS
First published: Mon Jul 01 2019(Updated: )
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <8.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-3962?
CVE-2019-3962 is a content injection vulnerability that exists in Tenable Nessus prior to version 8.5.0.
How does CVE-2019-3962 affect Tenable Nessus?
CVE-2019-3962 allows an authenticated, local attacker to exploit the vulnerability by convincing another Nessus user to view a malicious URL and use Nessus to send fraudulent messages.
What is the severity of CVE-2019-3962?
The severity of CVE-2019-3962 is medium, with a CVSS score of 3.3.
How can I fix CVE-2019-3962?
To fix CVE-2019-3962, users should upgrade to Tenable Nessus version 8.5.0 or later.
Where can I find more information about CVE-2019-3962?
More information about CVE-2019-3962 can be found on the SecurityFocus and Tenable websites.
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/tenable
- canonical/tenable nessus