49 matches found
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...
CVE-2020-7354
Cross-site Scripting XSS vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
Cross site scripting
Cross-site Scripting XSS vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...
Cross site scripting
Cross-site Scripting XSS vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...
CVE-2020-7355
CVE-2020-7355 is a stored XSS vulnerability in Rapid7 Metasploit Pro’s discovered scan asset notes field. The issue allows an attacker to inject a script via a specially crafted network service, triggering when a user views the scanned host record in the Metasploit Pro interface. Affected: Metasp...
Rapid7 Metasploit Framework libnotify plugin OS command injection vulnerability
Rapid7 Metasploit Framework is a penetration testing framework from Rapid7, Inc. libnotify is one of the libraries used to send desktop notifications to the notification daemon. An operating system command injection vulnerability exists in the libnotify plugin in Rapid7 Metasploit Framework versi...
Rapid7 Metasploit Framework Zip Import Directory Traversal
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
Design/Logic Flaw
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2019-5624 Rapid7 Metasploit Framework Zip Import Directory Traversal
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2018-16660
creationtimestamp| type| source ---|---|--- 2019-03-06 04:00:36+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/impervasecuresphereexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2025-34121
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/uptimefileupload1.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Rapid7 Cross-Site Request Forgery Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...
CVE-2017-15084
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
Cross site request forgery (csrf)
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
CVE-2017-15084
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
CVE-2017-15084
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
apache-struts2-CVE-2017-5638 Demo Application and...
Directory traversal
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the...