Stored Cross-Site Scripting Vulnerability in Tenable.sc
CVE-2023-24494

5.4MEDIUM

Key Information:

Vendor: Tenable
Status: Tenable.sc
Vendor: CVE Published:; 26 January 2023

What is CVE-2023-24494?

A stored cross-site scripting (XSS) vulnerability has been identified in Tenable.sc due to insufficient validation of user-input. This vulnerability allows an authenticated remote attacker to exploit the system by luring a user into clicking a malicious URL. Once the link is activated, it can lead to the execution of arbitrary script code within the user's browser session, potentially compromising the confidentiality and integrity of user data. Organizations using Tenable.sc should implement security measures to mitigate this issue.

Affected Version(s)

Tenable.sc Tenable.sc versions 5.23.1 and earlier

References

https://www.tenable.com/security/tns-2023-03

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 24, 2023