Rapid7CVELIST:CVE-2023-5950CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.8%
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a userโs web browser.ย This vulnerability is fixed inย version 0.7.0-04 and aย patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Velociraptor",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "0.7.0-4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.8%