Appspider Pro

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018

Published: 2025-05-20T08:39:38.370Z
Updated: 2025-05-20T13:36:46.854Z

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management. This vulnerability was remediated in version 7.5.021 of the product.

Published: 2025-09-25T14:41:35.939Z
Updated: 2025-09-25T16:03:45.231Z

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product.

Published: 2025-09-30T18:12:50.204Z
Updated: 2025-09-30T20:33:45.909Z

Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.

Published: 2017-05-03T16:00:00.000Z
Updated: 2024-08-05T14:55:35.796Z

Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Published: 2017-05-03T16:00:00.000Z
Updated: 2024-08-05T14:55:35.777Z

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Published: 2017-03-02T20:00:00.000Z
Updated: 2024-08-05T14:55:35.652Z