VYPR
Unrated severityNVD Advisory· Published Mar 17, 2022· Updated Sep 16, 2024

Rapid7 Nexpose Reflected XSS

CVE-2022-0758

Description

Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rapid7/Nexposellm-fuzzy2 versions
    <=6.6.129+ 1 more
    • (no CPE)range: <=6.6.129
    • (no CPE)range: 6.6.129

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.