CVE-2023-24494: XSS
First published: Thu Jan 26 2023(Updated: )
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Tenable.sc | <=5.23.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-24494?
The severity of CVE-2023-24494 is medium, with a severity value of 5.4.
How does CVE-2023-24494 affect Tenable.sc?
CVE-2023-24494 affects Tenable.sc by exploiting a stored cross-site scripting (XSS) vulnerability.
How can an attacker exploit CVE-2023-24494?
An attacker can exploit CVE-2023-24494 by convincing a user to click a specially crafted URL, which will execute arbitrary script code.
What version of Tenable.sc is affected by CVE-2023-24494?
Tenable.sc version 5.23.1 is affected by CVE-2023-24494.
Is there a fix available for CVE-2023-24494?
Yes, a fix is available for CVE-2023-24494. Please refer to the vendor's security advisory for more information.
- collector/nvd-index
- vendor/tenable
- canonical/tenable tenable.sc
- version/tenable tenable.sc/5.23.1