Stored XSS in Tenable.Sc Affects User Sessions
CVE-2020-5737

5.4MEDIUM

Key Information:

Vendor: Tenable
Status: Tenable.sc
Vendor: CVE Published:; 17 April 2020

What is CVE-2020-5737?

A security vulnerability in Tenable.Sc before version 5.14.0 allows authenticated attackers to exploit stored XSS by crafting requests that execute arbitrary script code in user sessions. Proper input validation techniques have been implemented in subsequent releases to address this issue, enhancing the overall security of the application.

Affected Version(s)

Tenable.Sc < 5.14.0

References

https://www.tenable.com/security/tns-2020-02

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2020
Vulnerability Reserved
Jan 6, 2020