1 results (0.019 seconds)

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). Las versiones de Rapid7 Velociraptor anteriores a 0.7.0-4 sufren de una vulnerabilidad de cross site scripting. • https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •