CVE-2018-1147 is a vulnerability in Tenable Nessus
Published on May 18, 2018
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.
Products Associated with CVE-2018-1147
Want to know whenever a new CVE is published for Tenable Nessus? stack.watch will email you.
Affected Versions
Tenable Nessus Version All versions prior to 7.1.0 is affected by CVE-2018-1147Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.