CVE-2024-9158 HIGH

CVE-2024-9158: XSS

Vendor Tenable

Product Nessus Network Monitor

Weakness CWE-79 · XSS

Published September 30, 2024

Last update September 30, 2024

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.

Key dates

02Disclosure timeline

September 30, 2024 CVE published

September 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9158 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2024-9158: XSS

01Description

02Disclosure timeline

03References

04Related CVE