CVE-2020-5765: XSS
First published: Wed Jul 15 2020(Updated: )
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <=8.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security flaw?
The vulnerability ID of this security flaw is CVE-2020-5765.
What is the severity level of CVE-2020-5765?
The severity level of CVE-2020-5765 is medium.
What is the affected software by CVE-2020-5765?
The affected software by CVE-2020-5765 is Nessus 8.10.0 and earlier.
What is the potential impact of CVE-2020-5765?
The potential impact of CVE-2020-5765 is the execution of arbitrary code in a user's session.
Is there a fix or patch available for CVE-2020-5765?
Yes, Tenable has implemented additional measures to address this vulnerability.
- collector/nvd-index
- vendor/tenable
- canonical/tenable nessus
- version/tenable nessus/8.10.0