Security Center
CVE-2024-1891
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.
AnalysisAI
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. Affected products include: Tenable Security Center.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Security Center
View allSQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerabi
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Se
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Secu
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges thr
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today