CVE-2014-7280 Information

Description

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build 85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.

Reference

http://osvdb.org/112728 http://packetstormsecurity.com/files/128579/Nessus-Web-UI-2.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Oct/26 http://www.exploit-db.com/exploits/34929 http://www.securityfocus.com/bid/70274 http://www.tenable.com/security/tns-2014-08 http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html