Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rapid7 Velociraptor Notebooks Authenticated Persistent XSS
Vulnerability Description
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Rapid7 InsightVM跨站脚本漏洞
Vulnerability Description
Rapid7 InsightVM是美国Rapid7公司的一款漏洞扫描和管理应用程序。 Rapid7 InsightVM 0.5.9及之前版本存在跨站脚本漏洞,通过身份验证的用户可在恶意上传中嵌入可执行代码。
CVSS Information
N/A
Vulnerability Type
N/A