Metasploit@* Security Vulnerabilities and Issues — Metasploit@* CVE List

Lucene search

Rapid7Metasploit*

4 matches found

CVE•added 2020/10/29 3:15 p.m.•123 views

CVE-2020-7384

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

9.3CVSS7.4AI score0.65465EPSS

CVE•added 2020/04/22 10:15 p.m.•96 views

CVE-2020-7350

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be ...

7.8CVSS7AI score0.58671EPSS

CVE•added 2020/06/25 6:15 p.m.•34 views

CVE-2020-7355

Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

6.1CVSS5.5AI score0.00426EPSS

CVE•added 2020/06/25 6:15 p.m.•24 views

CVE-2020-7354

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

6.1CVSS5.5AI score0.00426EPSS