Severity
Medium
Analysis Summary
The application allows users to perform certain actions via HTTP requests to the Security Console without performing proper validity checks to verify the requests. This can be exploited to conduct certain actions when a logged-in user visits a specially crafted web page.
Impact
Cross Site Scripting
Affected Vendors
Nexpose
Affected Products
Nexpose 6.5.0 through 6.5.68
Remediation
Update to version 6.5.69.