CVE-2020-5765 : What You Need to Know
Learn about CVE-2020-5765, a Stored XSS vulnerability in Tenable Nessus versions < 8.11.0. Remote attackers can execute arbitrary code. Update to version 8.11.0 for mitigation.
Nessus 8.10.0 and earlier versions contain a Stored XSS vulnerability that allows remote attackers to execute arbitrary code. Tenable has addressed this issue in version 8.11.0.
Understanding CVE-2020-5765
Nessus vulnerability due to improper input validation during scan configuration.
What is CVE-2020-5765?
- Stored XSS vulnerability in Tenable Nessus versions < 8.11.0
- Attackers can execute arbitrary code in a user's session
The Impact of CVE-2020-5765
- Remote attackers can exploit the vulnerability
- Potential execution of arbitrary code in user sessions
Technical Details of CVE-2020-5765
Nessus vulnerability details and affected systems.
Vulnerability Description
- Stored XSS vulnerability in Nessus < 8.11.0
- Improper input validation during scan configuration
Affected Systems and Versions
- Product: Tenable Nessus
- Versions affected: < 8.11.0
Exploitation Mechanism
- Attackers exploit vulnerability to execute arbitrary code
Mitigation and Prevention
Steps to mitigate and prevent the vulnerability.
Immediate Steps to Take
- Update Nessus to version 8.11.0
- Implement additional input validation mechanisms
Long-Term Security Practices
- Regularly update security software
- Conduct security audits and assessments
- Educate users on safe scanning practices
Patching and Updates
- Apply patches and updates promptly to fix vulnerabilities