A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints by using Flash to circumvent the cross-domain (CORS) pre-flight OPTIONS request.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2019-07-03 | Updated: 2019-10-09
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Max CVSS: 8.8 | EPSS Score: 0.18% | Published: 2017-12-14 | Updated: 2018-01-31
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Max CVSS: 6.8 | EPSS Score: 0.82% | Published: 2014-02-04 | Updated: 2014-02-24
3 vulnerabilities found