CVE-2025-4951

Published May 20, 2025

Last updated a month ago

Overview

Description
Editions of Rapid7 AppSpider Pro before version 7.5.018 are vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018.
Source
cve@rapid7.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
2.7
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

cve@rapid7.com
CWE-79

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.