Metasploit Security Vulnerabilities and Issues — Metasploit CVE List

Lucene search

Rapid7Metasploit

4 matches found

CVE•added 2017/10/06 9:29 p.m.•51 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.

6.5CVSS6.4AI score0.00126EPSS

CVE•added 2023/02/01 11:15 p.m.•35 views

CVE-2023-0599

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Meta...

6.1CVSS5.4AI score0.00378EPSS

CVE•added 2020/06/25 6:15 p.m.•32 views

CVE-2020-7355

Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

6.1CVSS5.5AI score0.00426EPSS

CVE•added 2020/06/25 6:15 p.m.•22 views

CVE-2020-7354

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

6.1CVSS5.5AI score0.00426EPSS