CVE-2024-0955 MEDIUM

CVE-2024-0955: Stored XSS vulnerability

Vendor Tenable

Product Nessus

Weakness CWE-20 · Input validation

Published February 6, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-0955 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2019-1959 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities CVE-2026-48289 Adobe Experience Manager | Improper Input Validation (CWE-20) CVE-2024-25131 Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation CVE-2023-36821 Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation CVE-2020-26291 Hostname spoofing in URI.js