漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rapid7 Metasploit Pro Stored XSS
Vulnerability Description
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Rapid7 Metasploit Pro 跨站脚本漏洞
Vulnerability Description
Rapid7 Metasploit Pro是美国Rapid7公司的一套渗透测试软件。 Rapid7 Metasploit Pro 4.21.2 及之前版本存在安全漏洞,该漏洞源于JavaScript 请求字符串清理不足,攻击者利用该漏洞可以使用特制请求在目标浏览器中对另一个 Metasploit Pro 用户执行HTML 和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A