CVE-2019-3962

CVSS v3 Score: 3.3 (Low)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.

CVSS: 3.3 (Low)

Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctio...

CWE-79, 2020

CVSS: 3.3 (Low)

A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site s...

CWE-79, 2024

CVSS: 3.2 (Low)

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

CWE-79, 2023

CVSS: 3.4 (Low)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

CWE-79, 2022

CVSS: 3.4 (Low)

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

CWE-79, 2022

CVSS: 3.4 (Low)

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

CWE-79, 2023