A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 up to and including 6.5.68. This issue allows malicious users to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rapid7 nexpose |