Tenable Nessus 6.8.x and 6.9.x < 6.9.1 Stored XSS (TNS-2016-17)
Medium Nessus Plugin ID 97193
Synopsis
An application running on the remote host is affected by a stored cross-site scripting vulnerability.
Description
According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.8.x or 6.9.x prior to 6.9.1. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input.
An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Solution
Upgrade to Tenable Nessus version 6.9.1 or later.