VYPR

Nexpose Security Console

by Rapid7

CVEs (2)

  • CVE-2012-6493, Feb 4, 2014
    risk 0.03 | cvss | epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

  • CVE-2019-5630, Jul 3, 2019
    risk 0.00 | cvss | epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS…