← Back

CVE-2025-4951

nvd nist
Published: May 20, 2025Modified: Dec 11, 2025

JSON object

Loading...
4.6
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.5 / Impact: 2.7
Source: cve@rapid7.com (Secondary)

Description

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018

Affected (1)

Rapid7
1 product
Appspider Pro
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Appspider Pro
Before 7.5.018

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: cve@rapid7.com
Release Notes

Timeline

No history available yet.