Security Advisory

CVE-2021-3619

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-17 19:07:39

Last updated 2024-09-17 03:59:06

Assigner rapid7

State PUBLISHED

Description

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

← Browse all CVEs View on cve.org ↗