CVE-2021-3619 – Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cros …

Vuln ID: CVE-2021-3619

Published:  2021-07-22  19:15:09Z

Description: Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds.

Source: NVD.NIST.GOV