CVE-2016-9260

Description

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.247

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Nessus Agent (x64) 6.8.1	Windows
Multiple Vulnerabilities are affected in Nessus Agent 6.8.1	Windows
Multiple vulnerabilities are fixed in Nessus 6.9	Windows
Multiple vulnerabilities are fixed in Tenable Nessus 6.9	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343100	Nessus Agent (x64) (10.8.0)
PATCH-343099	Nessus Agent (10.8.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234