Rapid7 Velociraptor versions before 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows malicious users to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rapid7 velociraptor 0.7.0-3 |
||
rapid7 velociraptor 0.7.0 |
||
rapid7 velociraptor |