CVE-2022-0758

Name of the Vulnerable Software and Affected Versions Rapid7 Nexpose versions 6.6.129 and earlier

Description The issue is a reflected cross site scripting vulnerability within the shared scan configuration component of the tool. This allows an attacker to pass literal values as the test credentials, providing the opportunity for a potential XSS attack. The vulnerability exists due to inadequate protection of the web page structure, which could enable a remote attacker to conduct an XSS attack.

Recommendations For Rapid7 Nexpose versions 6.6.129 and earlier, update to version 6.6.130 to resolve the issue. As a temporary workaround, consider restricting access to the shared scan configuration component to minimize the risk of exploitation. Avoid using literal values as test credentials in the affected component until the issue is resolved.