CVE-2024-1471

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
References
Link Resource
https://www.tenable.com/security/tns-2024-02 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*

History

19 Nov 2024, 16:05

Type Values Removed Values Added
CWE CWE-79
First Time Tenable
Tenable security Center
Summary
  • (es) Existe una vulnerabilidad de inyección de HTML en la que un atacante remoto autenticado con privilegios de administrador en la aplicación Security Center podría modificar los parámetros del repositorio, lo que podría provocar ataques de redirección de HTML.
References () https://www.tenable.com/security/tns-2024-02 - () https://www.tenable.com/security/tns-2024-02 - Vendor Advisory
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*

14 Feb 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-14 22:15

Updated : 2024-11-19 16:05


NVD link : CVE-2024-1471

Mitre link : CVE-2024-1471

CVE.ORG link : CVE-2024-1471


JSON object : View

Products Affected

tenable

  • security_center
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-20

Improper Input Validation