VYPR
Unrated severityNVD Advisory· Published May 20, 2025· Updated May 20, 2025

CVE-2025-4951

CVE-2025-4951

Description

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly.

This is fixed as of version 7.5.018

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rapid7/Appspider Prollm-fuzzy2 versions
    <7.5.018+ 1 more
    • (no CPE)range: <7.5.018
    • (no CPE)range: Below 7.5.018

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.