{"vulnerability": "CVE-2023-0599", "sightings": [{"uuid": "ee93f546-550d-4d68-802a-fb2b28be6dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0599", "type": "seen", "source": "https://t.me/cibsecurity/57370", "content": "\u203c CVE-2023-0599 \u203c\n\nRapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-02T02:14:22.000000Z"}]}