3 matches found
CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. We want to thank Mathias Kujala for working with the Velociraptor team to identify and rectify this issue. It has been fixed as of Version 0.7.0-4, released November 6, 2023. CVSS · HIGH ·...
CVE-2023-5950
CVE-2023-5950 – Rapid7 Velociraptor : Reported as a reflected cross-site scripting vulnerability in Velociraptor versions prior to 0.7.0-4, enabling attackers to inject JS via the error path. A fix is available in version 0.7.0-04, with patches also provided for 0.6.9 (0.6.9-1). Several connected...