CVE-2024-9158 | THREATINT

Description

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.

PUBLISHED Reserved 2024-09-24 | Published 2024-09-30 | Updated 2024-09-30 | Assigner tenable

HIGH: 8.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

affected

Any version before 6.5.0

affected

References

www.tenable.com/security/tns-2024-17

cve.org (CVE-2024-9158)

nvd.nist.gov (CVE-2024-9158)

Download JSON