Description
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Robert Gilbert · textwebappsmultiple
https://www.exploit-db.com/exploits/23924
References (5)
Core 5
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/23924
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/88923
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html
Patch, Vendor Advisory x_refsource_confirm
https://community.rapid7.com/docs/DOC-2155#release1
Exploit x_refsource_misc
http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html
Scores
EPSS
0.0039
EPSS Percentile
59.8%
Details
CWE
CWE-352
Status
published
Products (15)
rapid7/nexpose
5.4
rapid7/nexpose
5.4.1
rapid7/nexpose
5.4.2
rapid7/nexpose
5.4.3
rapid7/nexpose
5.4.4
rapid7/nexpose
5.4.5
rapid7/nexpose
5.4.6
rapid7/nexpose
5.4.7
rapid7/nexpose
5.4.8
rapid7/nexpose
5.4.9
... and 5 more
Published
Feb 04, 2014
Tracked Since
Feb 18, 2026