SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker to create and upload an .audit file, that may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Please note that Tenable strongly recommends that SecurityCenter be installed on a subnet that is not Internet addressable. Upgrade to SecurityCenter 5.2.0 (Server Build ID: 201512112196 or later). Upgrade information can be obtained from http://static.tenable.com/prod_docs/upgrade_security_center.html.