CVE-2018-1155
MEDIUMTenable SecurityCenter < 5.7.0 - Authenticated Cross-Site Scripting via Reports Image Filename Parameter
Title source: llmDescription
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2018-11
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041431
Scores
CVSS v3
5.4
EPSS
0.0029
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
tenable/securitycenter
< 5.7.0
Published
Aug 02, 2018
Tracked Since
Feb 18, 2026