CVE-2022-0758 LOW

CVE-2022-0758: Rapid7 Nexpose Reflected XSS

Vendor: Rapid7
Product: Nexpose
Weakness: CWE-79 (XSS)
Published: March 17, 2022
Last update: September 16, 2024

CVSS base score

3.3/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross-site scripting vulnerability within the shared scan configuration component of the tool. With this vulnerability, an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.

Key dates

02 Disclosure timeline

March 17, 2022: CVE published
September 16, 2024: Record updated
