Unrated severityNVD Advisory· Published Nov 6, 2023· Updated Sep 5, 2024
Rapid7 Velociraptor Reflected XSS
CVE-2023-5950
Description
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<0.7.0-4 (or >=0.7.0-04; 0.6.9-1 also patches 0.6.9 line)+ 1 more
- (no CPE)range: <0.7.0-4 (or >=0.7.0-04; 0.6.9-1 also patches 0.6.9 line)
- (no CPE)range: 0
- osv-coordsRange: < 0.7.0.4.git74.3426c0a-5.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.