Vendor: Nexpose Security Console
By: Robert Gilbert, HALOCK Security Labs
CVSS: 8.8 (HIGH)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
Product Name: Nexpose Security Console
Affected Version From: all earlier releases
Affected Version To: 5.5.3
Patch Exists: YES (fixed in 5.5.4)
Related CVE: CVE-2012-6493
CPE: a:rapid7:nexpose_security_console
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2012

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Nexpose Security Console 5.5.3 and below

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Nexpose Security Console 5.5.3 and below allow remote attackers to submit actions on a legitimate user's behalf. The console does not verify that state-changing requests originate from its own pages (for example by binding each request to an unpredictable per-session token), so an attacker can have requests executed on behalf of a legitimate user: if an authenticated user is lured to a specially crafted page, that page can issue requests to the web application, the browser attaches the victim's established session cookie to them, and the console processes them as user-initiated actions. During the proof-of-concept, successful exploitation deleted scan data and sites.
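The following is an added example, not Nexpose code or part of the original advisory. It models the weakness described above as a minimal Python handler: a "delete site" action that is accepted purely on the strength of the session cookie, beside a hardened handler that also requires a per-session synchronizer token and, where the browser supplies one, a matching Origin header. The endpoint path /site/delete, the console origin https://console.example and the request dictionaries are constructed assumptions for illustration only; they are not real Nexpose identifiers.

```python
"""Synchronizer-token CSRF defence, as an added example (not Nexpose code).

Models the weakness the advisory describes: a console that accepts a
state-changing request (e.g. deleting a site or scan data) purely on the
strength of the victim's session cookie. The browser attaches that cookie
to any cross-site request, so a page the attacker controls can trigger the
action. The hardened handler additionally requires a per-session secret
that a cross-site page cannot read, and refuses destructive actions on GET.

Assumptions (not from the advisory): endpoint /site/delete, console origin
https://console.example, and the request dictionaries built below.
"""
import hmac
import secrets

CONSOLE_ORIGIN = "https://console.example"   # assumed deployment origin
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# server-side session store: session id -> {"user": ..., "csrf": token}
SESSIONS = {}


def login(user):
    """Create a session and mint an unguessable per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the legitimate UI embeds in its forms (readable same-origin only)."""
    return SESSIONS[sid]["csrf"]


def vulnerable_delete_site(request):
    """The weak pattern: any request carrying a valid session cookie wins."""
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return "unauthenticated"
    return "deleted site %s for %s" % (request["form"].get("site"),
                                       SESSIONS[sid]["user"])


def hardened_delete_site(request):
    """Same action, but the request must prove it came from a same-origin page."""
    if request["method"] not in STATE_CHANGING:
        return "rejected: destructive action must not be reachable via GET"
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return "unauthenticated"
    # 1. synchronizer token: an attacker's page cannot read it (same-origin policy),
    #    so it cannot be forged; constant-time compare avoids a timing side channel
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(SESSIONS[sid]["csrf"], supplied):
        return "rejected: missing or wrong CSRF token"
    # 2. defence in depth: when the browser sends Origin, it must be our own origin
    origin = request["headers"].get("Origin")
    if origin is not None and origin != CONSOLE_ORIGIN:
        return "rejected: cross-origin request from %s" % origin
    return "deleted site %s for %s" % (request["form"].get("site"),
                                       SESSIONS[sid]["user"])


def legitimate_request(sid, site):
    """Constructed: what the console's own form submission looks like."""
    return {"method": "POST", "path": "/site/delete",
            "headers": {"Origin": CONSOLE_ORIGIN},
            "cookies": {"session": sid},
            "form": {"site": site, "csrf_token": csrf_token_for(sid)}}


def forged_request(sid, site):
    """Constructed: an auto-submitted form on attacker.example. The browser
    still attaches the victim's session cookie, but the attacker cannot read
    the token, and the browser reports the attacker's page as the Origin."""
    return {"method": "POST", "path": "/site/delete",
            "headers": {"Origin": "https://attacker.example"},
            "cookies": {"session": sid},
            "form": {"site": site}}


if __name__ == "__main__":
    sid = login("admin")
    print(vulnerable_delete_site(forged_request(sid, "prod-dmz")))   # the bug: succeeds
    print(hardened_delete_site(forged_request(sid, "prod-dmz")))     # rejected
    print(hardened_delete_site(legitimate_request(sid, "prod-dmz"))) # succeeds
```

The token check is the primary control; the Origin comparison only adds depth because some user agents omit the header, which is why the hardened handler tolerates its absence but never a mismatch. Any action that changes state (deleting sites or scan data included) must also be unreachable over GET, otherwise a plain image or link on the attacker's page suffices.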

Mitigation:

Vendor Update: Remediated in 5.5.4.