CVE-2021-3535
CVE-2021-3535 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Nexpose | < 6.6.81 |
References
- https://docs.rapid7.com/release-notes/nexpose/20210505/ (Release Notes, Vendor Advisory)
Source: NVD / NIST
