CVE-2019-12584Cross-site Scripting in Pfsense

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
4.6%
top 10.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Netgate PfsenseApcupsdDebian Apcupsd
Timeline
PublishedJun 3
Latest updateMay 24

Description

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDnetgate/pfsense< 2.4.4+1
NVDapcupsd/apcupsd0.3.91_5

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-rq9v-rxgf-2vq4: Apcupsd 02022-05-24

📋Vendor Advisories

1
Debian
CVE-2019-12584: apcupsd - Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products...2019
CVE-2019-12584 — Cross-site Scripting in Pfsense | cvebase