Vulnerabilities > Rapid7 > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2021-4016 | Unspecified vulnerability in Rapid7 Insight Agent Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. | 2.1 |
| 2021-07-22 | CVE-2021-3619 | Cross-site Scripting vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. | 3.5 |
| 2020-01-22 | CVE-2019-5647 | Insufficient Session Expiration vulnerability in Rapid7 Appspider The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. | 3.6 |
| 2019-11-06 | CVE-2019-5642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0 Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. | 2.1 |
| 2019-04-09 | CVE-2019-5615 | Insufficiently Protected Credentials vulnerability in Rapid7 Insightvm Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. | 3.5 |
| 2017-06-15 | CVE-2017-5244 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19 Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. | 3.5 |
| 2016-12-20 | CVE-2016-9757 | Cross-site Scripting vulnerability in Rapid7 Nexpose 6.4.12 In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. | 3.5 |