CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-9757

In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://www.securityfocus.com/bid/94996
https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13
http://www.securityfocus.com/bid/94996
https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13

Products affected by CVE-2016-9757

Rapid7 » Nexpose » Version: 6.4.12

cpe:2.3:a:rapid7:nexpose:6.4.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9757

Products

Pricing

Contact Us