PT-2021-20897 · Rapid7 · Rapid7 Nexpose
Philipp Behmer
·
Published
2021-06-16
·
Updated
2021-06-22
·
CVE-2021-3535
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Rapid7 Nexpose versions prior to 6.6.81
Description:
The issue is a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field.
Recommendations:
For versions prior to 6.6.81, update the Security Console to the latest version, specifically 6.6.81 or later, to resolve the issue. As a temporary workaround, consider restricting the use of the Filtered Asset Search feature until a patch is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rapid7 Nexpose