This exploit demonstrates a stored XSS vulnerability in Nessus 8.2.1. The payload is injected via the 'value' parameter in a POST request to the '/policies' endpoint, which then executes when accessed through the policy configuration page.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Nessus 8.2.1
Auth required
Prerequisites:Valid API token and session cookie · Access to the Nessus web interface