Rapid7 Metasploit Pro
6 CVEs affecting Rapid7 Metasploit Pro. Latest disclosed: 2026-05-15. Critical: 0, High: 1.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-5235 | High | 7.8 | 2017-03-02 | Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a… |
| CVE-2023-0599 | Medium | 6.1 | 2023-02-01 | Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitizatio… |
| CVE-2020-7355 | Medium | 6.1 | 2020-06-25 | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted n… |
| CVE-2020-7354 | Medium | 6.1 | 2020-06-25 | Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted ne… |
| CVE-2019-5642 | Low | 3.3 | 2019-11-06 | Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system duri… |
| CVE-2026-7373 | | | 2026-05-15 | Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the… |