CVE-2024-0955: Stored XSS vulnerability
First published: Tue Feb 06 2024(Updated: )
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <10.7.0 |
Remedy
Tenable has released Nessus 10.7.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus ).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0955?
CVE-2024-0955 is considered a critical severity vulnerability due to the potential for remote code execution.
How does CVE-2024-0955 affect Tenable Nessus?
CVE-2024-0955 affects Tenable Nessus by allowing authenticated, remote attackers with administrator privileges to execute remote arbitrary scripts.
What versions of Nessus are affected by CVE-2024-0955?
CVE-2024-0955 affects Tenable Nessus versions prior to 10.7.0 exclusively.
How can I remediate CVE-2024-0955?
To remediate CVE-2024-0955, upgrade Tenable Nessus to version 10.7.0 or later.
Who can exploit CVE-2024-0955?
Only authenticated remote attackers with administrator privileges on the Nessus application can exploit CVE-2024-0955.
- agent/remedy
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/tenable
- canonical/tenable nessus