CVE-2023-5950 HIGH

CVE-2023-5950: Rapid7 Velociraptor Reflected XSS

Vendor Rapid7

Product Velociraptor

Weakness CWE-79 · XSS

Published November 6, 2023

Last update September 5, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).

Key dates

02Disclosure timeline

November 6, 2023 CVE published

September 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5950

Related vulnerabilities

04Related CVE

CVE-2025-6849 code-projects Simple Forum forum_edit1.php cross site scripting CVE-2021-34643 Skaut bazar <= 1.3.2 Reflected Cross-Site Scripting CVE-2025-49355 WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-26537 WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-26659 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)