60 matches found
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
Cross site scripting
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2023-0599 Rapid7 Metasploit Pro Stored XSS
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2023-0599
CVE-2023-0599 affects Rapid7 Metasploit Pro; stored XSS due to insufficient sanitization of JavaScript request strings. An authenticated attacker can inject HTML/script in another user’s browser via a crafted request. Affected: Metasploit Pro 4.21.2 and lower. Impact details are described in sour...
CVE-2023-0599 Rapid7 Metasploit Pro Stored XSS
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
PT-2023-16391 · Rapid7 · Rapid7 Metasploit Pro
Name of the Vulnerable Software and Affected Versions: Rapid7 Metasploit Pro versions 4.21.2 and lower Description: The issue is due to a lack of JavaScript request string sanitization, allowing an authenticated attacker to execute arbitrary HTML and script code in the target browser against...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US-based Rapid7. A security vulnerability exists in Rapid7 Metasploit Pro 4.21.2 and prior versions, which stems from insufficient JavaScript request string cleanup, and can be exploited by an attacker to execute HTML and...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability (CNVD-2021-39049)
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
CVE-2020-7354
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
CVE-2020-7355
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...
CVE-2020-7354
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
CVE-2020-7355
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
CVE-2020-7354
Rapid7 Metasploit Pro contains a stored-XSS vulnerability in the host field of a discovered scan asset. An attacker who can reach a target’s network service can craft input that stores an XSS sequence, which executes when an operator views the scanned host record in the Metasploit Pro console. A ...
CVE-2020-7355 Rapid7 Metasploit Pro Stored XSS in 'notes' field
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...
CVE-2020-7354 Rapid7 Metasploit Pro Stored XSS in 'host' field
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
CVE-2020-7355
CVE-2020-7355 is a stored XSS vulnerability in Rapid7 Metasploit Pro’s discovered scan asset notes field. The issue allows an attacker to inject a script via a specially crafted network service, triggering when a user views the scanned host record in the Metasploit Pro interface. Affected: Metasp...