CVE-2023-0681: 
Rapid7 Vulnerability Management vulnerability analysis and mitigation

Rapid7 InsightVM versions 6.6.178 and lower were affected by an open redirect vulnerability identified as CVE-2023-0681. The vulnerability was discovered in early 2023 and was officially disclosed on February 6, 2023. The issue specifically affected the 'data/console/redirect' component of the application, where the 'page' parameter could be manipulated (CVE Mitre).

The vulnerability is classified as an open redirect vulnerability (CWE-601) that exists in the Security Console component of Rapid7 InsightVM. The vulnerability allows manipulation of the 'page' parameter within the 'data/console/redirect' component, enabling unauthorized redirection capabilities (NVD).

If exploited, this vulnerability allows an attacker to redirect users to arbitrary websites of their choosing, potentially leading to phishing attacks or other malicious redirections (Rapid7 Release Notes).

The vulnerability was resolved in the February 2023 release with version 6.6.179 of Rapid7 InsightVM. Users running affected versions are advised to update their Security Console to the latest version to mitigate this security risk (Rapid7 Release Notes).