Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-7280. PoCs published by Frank Lycops.
AI-analyzed exploit summary
This exploit demonstrates a stored XSS vulnerability in Nessus Web UI 2.3.3 by setting up a malicious web server that returns a crafted 'Server' header containing JavaScript code. The code is stored in the backend database and executes when a user views a report.
Description
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.