Vulnerabilities > Tenable > Nessus > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-31 CVE-2016-9260 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
network
low complexity
tenable CWE-79
5.4
2017-01-23 CVE-2016-4055 Resource Exhaustion vulnerability in multiple products
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
network
low complexity
momentjs tenable oracle CWE-400
6.5
2017-01-05 CVE-2017-5179 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
tenable CWE-79
5.4