CVE-2021-3619

CVE-2021-3619

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

Source: CVE-2021-3619

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다