CVE-2020-7354

Published Jun 25, 2020
Last updated 4 years ago
CVSS medium 5.4
Overview

Description: Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.
Source: cve@rapid7.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
cve@rapid7.com: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4607DF8-1406-428E-AF03-04D3EFE8586D",
            "versionEndExcluding": "4.17.1"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:-:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E047784-19E4-4178-89BD-8F0E6C30DA94"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170221:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4C55046-26E4-4BE3-9CFA-42DC05F782BC"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170323:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D34B5C5-499B-4F42-86E8-22D978DF8806"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170405:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBE5966-C31E-4C9F-B2FE-7CDEBD1BC9FD"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170419:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "548C348D-339C-44F7-B755-9F7A13B522E7"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170510:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD803A97-AF04-492F-BC1C-A2246BA3DFDA"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170518:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D7613E2-195A-4B82-9E44-8DA13E3D8CDD"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170530:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7CA753B-D800-4897-850B-0E16A6AB5D99"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170613:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACEF56C3-AD1B-49C1-BE2A-EBB31B24D024"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170627:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0801B0E-C4F4-4B92-BFE8-030F6177449A"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170718:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57CD1F31-5102-4D6C-8380-394A2D3E04E5"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170731:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3C90EF9-9370-4240-83FC-BEF54ECFBB04"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170816:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3777FB35-0AE3-4EB5-988C-08CE20E8AB60"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170828:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645837BA-4122-4B3A-A638-F92894CB0F5C"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170914:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80CE6808-487E-4B67-B617-2FC69201C676"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170926:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13EF0494-CE9E-4B63-9D2E-2AFB3512BAC3"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171009:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41AC3FDB-AEB9-4B6F-81EB-A4EE7FCD2957"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171030:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BF97B2-EF2A-4DD9-81E9-2806731F5A3F"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171115:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5233FFC8-D110-414F-AA4E-F5AF7C74F585"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171129:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D63C9642-EEEA-4B2C-9C6E-9ABBFD9DCBCB"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171206:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63FFB33E-717C-4C6F-8D66-9C9F1C940D87"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171220:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6768BA01-C0FB-49E2-8A61-28929C2B1B1B"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180108:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1866B819-707E-432D-92EA-3AA1F347DAED"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180124:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDDCD2E4-6853-41CE-A07A-2F028E72DFF4"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180206:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3D2C4BF-B825-4890-B2DB-D20FD6756B35"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180301:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76DB58D7-1B47-4817-9D06-E5656B1331F0"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180312:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FF30D6E-0765-4271-A040-235E3B33503E"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180327:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85DD6D65-CE57-4A3A-9193-CD82CCD4BDBC"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180410:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F1B811A-7790-4407-B910-0C70927F7D2F"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180501:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE7DFBE8-5ABE-4C67-A85D-8D37E206E51C"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180511:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3D1BBDD-D3FD-4F3D-9279-46EDF96FE317"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180526:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "488C3810-3393-4817-87DB-0E2CD2CA3969"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180618:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E00DD73-1F9B-4944-907E-F1773316B63B"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180704:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57966911-0CFC-4355-9B08-2F2688302F96"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180716:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8439D629-F7F0-4ADA-9BC6-2E3E34220CDE"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180727:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A26FBA32-4114-42EB-9427-254AB3B9F06B"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180813:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A6AE478-FC91-4A4A-9CB0-7BD29ED42E77"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180827:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21F2F21-3970-4F75-B72B-D939F35448BB"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180907:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0FD1D96-50EA-47E8-997B-CE6B1E58BADA"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180924:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31FC17EF-B89B-48A2-9196-5E2DA5A2D118"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181009:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BB88831-3170-453D-B416-E1F962F8AD6D"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181022:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BBF5DA5-B318-436B-8071-A617B99E0637"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181105:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD348EF-91F5-4C02-BD98-ABA902131183"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181130:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FE78790-13DE-43F6-80C2-3F85FF6E16E6"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181215:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFA0AEAD-9A25-4659-802F-BB56C68847BF"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190108:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1009C89A-D461-4BFF-A91B-24B7D0E17297"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190118:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA03DBAA-EE97-4D73-9454-13FA73F021E8"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190201:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24DF8346-A21D-44C7-A491-A58099B4D88B"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190219:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B38D653-F840-49FA-B4FA-7C23A101E77B"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190303:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67D0992D-FF74-4F93-A00B-BB4EC0F8A51E"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190319:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3909F140-EB22-4D05-8576-4C7445A183DB"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190331:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2610F4B9-0739-4AE8-B4C2-E8578F0466E0"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190416:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EA3D971-ECBC-4810-AE61-3167BD3D7F81"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190426:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2FBED6C-4BDA-4AE2-999F-5D3063B90D18"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190513:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51571BCC-8621-4D0F-AE45-DAFF5AD9099A"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190603:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35266B59-E489-4BF8-ABA5-1B07B3A3B9D3"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190607:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "737684B7-E4EC-46E6-981E-97CDFDEE6AB6"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190626:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C46B768B-11A8-473E-8532-AF7230F5390C"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190722:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA7A63D-9416-4572-81A1-52D8247EAF15"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190805:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26989ACB-F823-47AF-825C-ACEFC77A5ABF"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190819:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99A1FF5-59C8-4471-A5F4-F6B39CCD5EB2"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190910:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89361CC7-C9C3-4DD6-A812-ACEA2FD9D3CA"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190930:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F87117F9-9B8D-4267-9CA1-98FEFA00DE0F"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191014:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4510FB72-A61D-4998-9C7B-B368ACADC2F0"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191030:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "751D173E-BD8C-40DC-A033-52894F665A00"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191108:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F28F93F4-EF56-4C56-A34F-3582992039F4"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191209:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "536EAD48-FCF6-46A0-B8C6-58CB07E6F689"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200113:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6972D3C6-BBA2-4420-BF7C-F5B0B155E70E"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200122:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7031F096-9223-481D-A024-6EFB55C6333D"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200131:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BF37270-5ABF-4BF0-AC39-78E36E7DFBC0"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200218:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4FC8A3F-0F5D-4E34-8E69-7CA66F3ECC10"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200302:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E69CD84D-9AD9-42EE-8117-CEE86D04B6C6"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200318:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6DBB703-B54E-4E16-964A-77356540891C"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200330:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD215E6E-94E9-45CC-9E03-7458FDABFA8C"
          },
          {
            "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200413:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2333BC4C-CB58-4BA1-ACD2-CDC308DB7B1E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
