Unrated severityNVD Advisory· Published May 20, 2025· Updated May 20, 2025
CVE-2025-4951
CVE-2025-4951
Description
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly.
This is fixed as of version 7.5.018
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<7.5.018+ 1 more
- (no CPE)range: <7.5.018
- (no CPE)range: Below 7.5.018
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.