XSS in Rapid7 Velociraptor

CVE-2022-35632

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resol…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (66.2th percentile)

Affected products

Weakness classification (CWE)

References