Stored XSS Vulnerability in Nessus Application Allows Remote Code Execution

Stored XSS Vulnerability in Nessus Application Allows Remote Code Execution

CVE-2024-0955 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

Learn more about our Web Application Penetration Testing UK.