National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:tenable:securitycenter:4.7
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.

Published: August 02, 2018; 03:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-1154

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.

Published: August 02, 2018; 03:29:00 PM -04:00
V3: 8.8 HIGH
V2: 3.3 LOW
CVE-2013-5911

Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Published: September 24, 2013; 06:35:52 AM -04:00
V2: 4.3 MEDIUM