CVE-2015-6510 — Cross-site Scripting in Pfsense
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 75.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 18
Latest updateMay 14
Description
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parame…
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages1 packages
🔴Vulnerability Details
1GHSA▶
GHSA-23pf-vqh8-2w2c: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2↗2022-05-14