CVE-2019-12584
published 2019-06-03CVE-2019-12584: Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
PriorityP426medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
2.56%
83.1th percentile
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apcupsd | apcupsd | — | — |
| debian | apcupsd | — | — |
| netgate | pfsense | < 2.4.4 | 2.4.4 |
| netgate | pfsense | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_debian6.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rq9v-rxgf-2vq4: Apcupsd 0
ghsa_unreviewed·2022-05-24
CVE-2019-12584 [MEDIUM] CWE-79 GHSA-rq9v-rxgf-2vq4: Apcupsd 0
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Debian
CVE-2019-12584: apcupsd - Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products...
vendor_debian·2019·CVSS 6.1
CVE-2019-12584 [MEDIUM] CVE-2019-12584: apcupsd - Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products...
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3https://redmine.pfsense.org/issues/9556https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3https://redmine.pfsense.org/issues/9556
2019-06-03
Published