Rapid7 Metasploit Pro 4.17.1-20200427 Scan Asset notes cross site scripting


A vulnerability has been found in Rapid7 Metasploit Pro 4.17.1-20200427 and classified as problematic. This vulnerability affects an unknown code block of the component Scan Asset Handler. Upgrading to version 4.17.1-20200514 eliminates this vulnerability.

| Field | 06/26/2020 02:11 PM | 10/27/2020 11:25 AM | 10/27/2020 11:28 AM |
| --- | --- | --- | --- |
| date | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) |
| url | https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514 | https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514 | https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 4.17.1-20200514 | 4.17.1-20200514 | 4.17.1-20200514 |
| cve | CVE-2020-7355 | CVE-2020-7355 | CVE-2020-7355 |
| seealso | 157287 | 157287 | 157287 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 6.1 | 6.1 | 6.1 |
| vendor | Rapid7 | Rapid7 | Rapid7 |
| name | Metasploit Pro | Metasploit Pro | Metasploit Pro |
| version | 4.17.1-20200427 | 4.17.1-20200427 | 4.17.1-20200427 |
| component | Scan Asset Handler | Scan Asset Handler | Scan Asset Handler |
| argument | notes | notes | notes |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 2.8 | 2.8 | 2.8 |
| cvss2_vuldb_tempscore | 2.4 | 2.4 | 2.4 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss3_meta_basescore | 4.2 | 4.2 | 4.2 |
| cvss3_meta_tempscore | 4.0 | 4.0 | 4.0 |
| cvss3_vuldb_basescore | 2.4 | 2.4 | 2.4 |
| cvss3_vuldb_tempscore | 2.3 | 2.3 | 2.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | N | N | N |
| cve_assigned | 1579564800 | 1579564800 | 1579564800 |
| cve_nvd_summary | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset. | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset. | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset. |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | H | H | H |

confirm_url (recorded in two of the three revisions): https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514
cve_cna (recorded in one of the three revisions): Rapid7, Inc.
