Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12)
Severity: Medium
Nessus Plugin ID: 89963
Synopsis
The application installed on the remote host is affected by a cross-site scripting vulnerability.
Description
According to its version, the Tenable SecurityCenter application installed on the remote host is affected by a cross-site scripting (XSS) vulnerability because uploaded .audit files are not properly validated before their contents are rendered on the scan results page. An authenticated, remote attacker can exploit this by uploading a crafted .audit file that is later viewed by an administrator, causing arbitrary script code to execute in that administrator's browser session.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Tenable SecurityCenter version 5.2.0.