CVE Details
Basic Information
| Title | CVE-2025-4951 |
|---|---|
| Type | cve |
| Published | 2025-05-20T09:15:21 |
| Last Seen | 2025-05-20T09:20:48 |
CVSS Information
| Base Score | 4.6 (MEDIUM) |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
AI Analysis
| AI Description | A stored cross-site scripting vulnerability exists in the “ScanName” field of Rapid7 AppSpider Pro versions before 7.5.018. The application fails to properly sanitize user input, allowing an attacker to inject malicious scripts that are stored and executed when viewed by other users. |
|---|---|
| AI Severity | Medium |
| Vendor | Rapid7 |
| Product | AppSpider Pro |
| Affected Version | < 7.5.018 |
Additional Information
| CVE List | CVE-2025-4951 |
|---|---|
| CWE List | CWE-79 |
| Bulletin Family | cve |
Description
Editions of Rapid7 AppSpider Pro before version 7.5.018 are vulnerable to a stored cross-site scripting vulnerability in the “ScanName” field. Despite the application preventing the inclusion of special characters within…
CVSS Score Summary
Base Score: 4.6 (MEDIUM)