CVE-2022-0758: Rapid7 Nexpose Reflected XSS
First published: Wed Mar 09 2022(Updated: )
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Nexpose | <6.6.130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-0758?
CVE-2022-0758 is a reflected cross-site scripting vulnerability in Rapid7 Nexpose versions 6.6.129 and earlier.
How severe is CVE-2022-0758?
CVE-2022-0758 has a severity rating of 6.1, which is considered medium.
Which software versions are affected by CVE-2022-0758?
Rapid7 Nexpose versions 6.6.129 and earlier are affected by CVE-2022-0758.
How can an attacker exploit CVE-2022-0758?
An attacker can exploit CVE-2022-0758 by passing literal values as test credentials, allowing for potential cross-site scripting attacks.
Is there a fix for CVE-2022-0758?
Yes, the fix for CVE-2022-0758 is to upgrade to Rapid7 Nexpose version 6.6.130 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/rapid7
- canonical/rapid7 nexpose