← back
CVE-2016-9757

CVE-2016-9757

EPSS 0.6%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Dec 2016Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.
Affected products
Rapid7 · Nexpose

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.13http://www.securityfocus.com/bid/94996