Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The application installed on the remote host is affected by a
cross-site scripting vulnerability.

Description :

According to its version, the Tenable SecurityCenter application
installed on the remote host is affected by a cross-site scripting
(XSS) vulnerability due to improper validation of uploaded .audit
files before they are rendered on the scan results page. An
authenticated, remote attacker can exploit this, via a crafted .audit
file that is later viewed by an administrator, to execute arbitrary
script code in the user's browser session.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://www.tenable.com/security/tns-2015-12

Solution :

Upgrade to Tenable SecurityCenter version 5.2.0.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)

Family: Misc.

Nessus Plugin ID: 89963

Bugtraq ID:

CVE ID: CVE-2015-8503
