Cross-Site Scripting Vulnerability in Tenable SecurityCenter
CVE-2018-1155

5.4MEDIUM

Key Information:

Vendor: Tenable
Status: Securitycenter
Vendor: CVE Published:; 2 August 2018

What is CVE-2018-1155?

A cross-site scripting (XSS) vulnerability exists in Tenable SecurityCenter versions prior to 5.7.0. This flaw allows an authenticated attacker to inject malicious JavaScript code through the image filename parameter within the Reports feature. This can lead to unauthorized actions being performed in the context of the victim's session. The issue has been addressed by implementing improved input validation techniques in the affected versions.

Affected Version(s)

SecurityCenter All versions prior to 5.7.0

References

https://www.tenable.com/security/tns-2018-11

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041431

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 2, 2018
Vulnerability Reserved
Dec 5, 2017