{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:33:15.572","vulnerabilities":[{"cve":{"id":"CVE-2020-7354","sourceIdentifier":"cve@rapid7.com","published":"2020-06-25T18:15:12.317","lastModified":"2024-11-21T05:37:06.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el campo \"host\" de un activo de escaneo detectado en Rapid7 Metasploit Pro, permite a un atacante con un servicio de red especialmente diseñado de un objetivo de escaneo almacenar una secuencia de tipo XSS en la consola Metasploit Pro, que se activará cuando el operador visualiza el registro de ese host escaneado en la interfaz Metasploit Pro. Este problema afecta a Rapid7 Metasploit Pro versión 4.17.1-20200427 y versiones anteriores, y es corregido en Metasploit Pro versión 4.17.1-20200514. Consulte también CVE-2020-7355, que describe un problema similar, pero involucrando el campo \"notes\" generado de un activo de escaneo detectado"}],"metrics":{"cvssMetricV31":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*","versionEndExcluding":"4.17.1","matchCriteriaId":"B4607DF8-1406-428E-AF03-04D3EFE8586D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:-:*:*:pro:*:*:*","matchCriteriaId":"8E047784-19E4-4178-89BD-8F0E6C30DA94"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170221:*:*:pro:*:*:*","matchCriteriaId":"E4C55046-26E4-4BE3-9CFA-42DC05F782BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170323:*:*:pro:*:*:*","matchCriteriaId":"2D34B5C5-499B-4F42-86E8-22D978DF8806"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170405:*:*:pro:*:*:*","matchCriteriaId":"3CBE5966-C31E-4C9F-B2FE-7CDEBD1BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170419:*:*:pro:*:*:*","matchCriteriaId":"548C348D-339C-44F7-B755-9F7A13B522E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170510:*:*:pro:*:*:*","matchCriteriaId":"CD803A97-AF04-492F-BC1C-A2246BA3DFDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170518:*:*:pro:*:*:*","matchCriteriaId":"1D7613E2-195A-4B82-9E44-8DA13E3D8CDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170530:*:*:pro:*:*:*","matchCriteriaId":"F7CA753B-D800-4897-850B-0E16A6AB5D99"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170613:*:*:pro:*:*:*","matchCriteriaId":"ACEF56C3-AD1B-49C1-BE2A-EBB31B24D024"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170627:*:*:pro:*:*:*","matchCriteriaId":"F0801B0E-C4F4-4B92-BFE8-030F6177449A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170718:*:*:pro:*:*:*","matchCriteriaId":"57CD1F31-5102-4D6C-8380-394A2D3E04E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170731:*:*:pro:*:*:*","matchCriteriaId":"C3C90EF9-9370-4240-83FC-BEF54ECFBB04"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170816:*:*:pro:*:*:*","matchCriteriaId":"3777FB35-0AE3-4EB5-988C-08CE20E8AB60"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170828:*:*:pro:*:*:*","matchCriteriaId":"645837BA-4122-4B3A-A638-F92894CB0F5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170914:*:*:pro:*:*:*","matchCriteriaId":"80CE6808-487E-4B67-B617-2FC69201C676"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20170926:*:*:pro:*:*:*","matchCriteriaId":"13EF0494-CE9E-4B63-9D2E-2AFB3512BAC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171009:*:*:pro:*:*:*","matchCriteriaId":"41AC3FDB-AEB9-4B6F-81EB-A4EE7FCD2957"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171030:*:*:pro:*:*:*","matchCriteriaId":"22BF97B2-EF2A-4DD9-81E9-2806731F5A3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171115:*:*:pro:*:*:*","matchCriteriaId":"5233FFC8-D110-414F-AA4E-F5AF7C74F585"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171129:*:*:pro:*:*:*","matchCriteriaId":"D63C9642-EEEA-4B2C-9C6E-9ABBFD9DCBCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171206:*:*:pro:*:*:*","matchCriteriaId":"63FFB33E-717C-4C6F-8D66-9C9F1C940D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20171220:*:*:pro:*:*:*","matchCriteriaId":"6768BA01-C0FB-49E2-8A61-28929C2B1B1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180108:*:*:pro:*:*:*","matchCriteriaId":"1866B819-707E-432D-92EA-3AA1F347DAED"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180124:*:*:pro:*:*:*","matchCriteriaId":"BDDCD2E4-6853-41CE-A07A-2F028E72DFF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180206:*:*:pro:*:*:*","matchCriteriaId":"B3D2C4BF-B825-4890-B2DB-D20FD6756B35"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180301:*:*:pro:*:*:*","matchCriteriaId":"76DB58D7-1B47-4817-9D06-E5656B1331F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180312:*:*:pro:*:*:*","matchCriteriaId":"8FF30D6E-0765-4271-A040-235E3B33503E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180327:*:*:pro:*:*:*","matchCriteriaId":"85DD6D65-CE57-4A3A-9193-CD82CCD4BDBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180410:*:*:pro:*:*:*","matchCriteriaId":"9F1B811A-7790-4407-B910-0C70927F7D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180501:*:*:pro:*:*:*","matchCriteriaId":"EE7DFBE8-5ABE-4C67-A85D-8D37E206E51C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180511:*:*:pro:*:*:*","matchCriteriaId":"E3D1BBDD-D3FD-4F3D-9279-46EDF96FE317"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180526:*:*:pro:*:*:*","matchCriteriaId":"488C3810-3393-4817-87DB-0E2CD2CA3969"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180618:*:*:pro:*:*:*","matchCriteriaId":"9E00DD73-1F9B-4944-907E-F1773316B63B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180704:*:*:pro:*:*:*","matchCriteriaId":"57966911-0CFC-4355-9B08-2F2688302F96"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180716:*:*:pro:*:*:*","matchCriteriaId":"8439D629-F7F0-4ADA-9BC6-2E3E34220CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180727:*:*:pro:*:*:*","matchCriteriaId":"A26FBA32-4114-42EB-9427-254AB3B9F06B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180813:*:*:pro:*:*:*","matchCriteriaId":"4A6AE478-FC91-4A4A-9CB0-7BD29ED42E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180827:*:*:pro:*:*:*","matchCriteriaId":"A21F2F21-3970-4F75-B72B-D939F35448BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180907:*:*:pro:*:*:*","matchCriteriaId":"A0FD1D96-50EA-47E8-997B-CE6B1E58BADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20180924:*:*:pro:*:*:*","matchCriteriaId":"31FC17EF-B89B-48A2-9196-5E2DA5A2D118"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20181009:*:*:pro:*:*:*","matchCriteriaId":"1BB88831-3170-453D-B416-E1F962F8AD6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20181022:*:*:pro:*:*:*","matchCriteriaId":"1BBF5DA5-B318-436B-8071-A617B99E0637"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20181105:*:*:pro:*:*:*","matchCriteriaId":"BBD348EF-91F5-4C02-BD98-ABA902131183"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20181130:*:*:pro:*:*:*","matchCriteriaId":"8FE78790-13DE-43F6-80C2-3F85FF6E16E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20181215:*:*:pro:*:*:*","matchCriteriaId":"BFA0AEAD-9A25-4659-802F-BB56C68847BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190108:*:*:pro:*:*:*","matchCriteriaId":"1009C89A-D461-4BFF-A91B-24B7D0E17297"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190118:*:*:pro:*:*:*","matchCriteriaId":"CA03DBAA-EE97-4D73-9454-13FA73F021E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190201:*:*:pro:*:*:*","matchCriteriaId":"24DF8346-A21D-44C7-A491-A58099B4D88B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190219:*:*:pro:*:*:*","matchCriteriaId":"8B38D653-F840-49FA-B4FA-7C23A101E77B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190303:*:*:pro:*:*:*","matchCriteriaId":"67D0992D-FF74-4F93-A00B-BB4EC0F8A51E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190319:*:*:pro:*:*:*","matchCriteriaId":"3909F140-EB22-4D05-8576-4C7445A183DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190331:*:*:pro:*:*:*","matchCriteriaId":"2610F4B9-0739-4AE8-B4C2-E8578F0466E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190416:*:*:pro:*:*:*","matchCriteriaId":"2EA3D971-ECBC-4810-AE61-3167BD3D7F81"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190426:*:*:pro:*:*:*","matchCriteriaId":"E2FBED6C-4BDA-4AE2-999F-5D3063B90D18"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190513:*:*:pro:*:*:*","matchCriteriaId":"51571BCC-8621-4D0F-AE45-DAFF5AD9099A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190603:*:*:pro:*:*:*","matchCriteriaId":"35266B59-E489-4BF8-ABA5-1B07B3A3B9D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190607:*:*:pro:*:*:*","matchCriteriaId":"737684B7-E4EC-46E6-981E-97CDFDEE6AB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190626:*:*:pro:*:*:*","matchCriteriaId":"C46B768B-11A8-473E-8532-AF7230F5390C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190722:*:*:pro:*:*:*","matchCriteriaId":"8DA7A63D-9416-4572-81A1-52D8247EAF15"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190805:*:*:pro:*:*:*","matchCriteriaId":"26989ACB-F823-47AF-825C-ACEFC77A5ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190819:*:*:pro:*:*:*","matchCriteriaId":"E99A1FF5-59C8-4471-A5F4-F6B39CCD5EB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190910:*:*:pro:*:*:*","matchCriteriaId":"89361CC7-C9C3-4DD6-A812-ACEA2FD9D3CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20190930:*:*:pro:*:*:*","matchCriteriaId":"F87117F9-9B8D-4267-9CA1-98FEFA00DE0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20191014:*:*:pro:*:*:*","matchCriteriaId":"4510FB72-A61D-4998-9C7B-B368ACADC2F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20191030:*:*:pro:*:*:*","matchCriteriaId":"751D173E-BD8C-40DC-A033-52894F665A00"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20191108:*:*:pro:*:*:*","matchCriteriaId":"F28F93F4-EF56-4C56-A34F-3582992039F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20191209:*:*:pro:*:*:*","matchCriteriaId":"536EAD48-FCF6-46A0-B8C6-58CB07E6F689"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200113:*:*:pro:*:*:*","matchCriteriaId":"6972D3C6-BBA2-4420-BF7C-F5B0B155E70E"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200122:*:*:pro:*:*:*","matchCriteriaId":"7031F096-9223-481D-A024-6EFB55C6333D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200131:*:*:pro:*:*:*","matchCriteriaId":"7BF37270-5ABF-4BF0-AC39-78E36E7DFBC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200218:*:*:pro:*:*:*","matchCriteriaId":"B4FC8A3F-0F5D-4E34-8E69-7CA66F3ECC10"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200302:*:*:pro:*:*:*","matchCriteriaId":"E69CD84D-9AD9-42EE-8117-CEE86D04B6C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200318:*:*:pro:*:*:*","matchCriteriaId":"E6DBB703-B54E-4E16-964A-77356540891C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200330:*:*:pro:*:*:*","matchCriteriaId":"BD215E6E-94E9-45CC-9E03-7458FDABFA8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:4.17.1:20200413:*:*:pro:*:*:*","matchCriteriaId":"2333BC4C-CB58-4BA1-ACD2-CDC308DB7B1E"}]}]}],"references":[{"url":"https://avalz.it/research/metasploit-pro-xss-to-rce/","source":"cve@rapid7.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514","source":"cve@rapid7.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://avalz.it/research/metasploit-pro-xss-to-rce/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}