CVE-2020-19203Cross-site Scripting in Pfsense

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
1.2%
top 21.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgate Pfsense
Timeline
PublishedJul 12
Latest updateMay 24

Description

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDnetgate/pfsense< 2.4.4+1

🔴Vulnerability Details

2
GHSA
GHSA-4wj2-v574-g827: Netgate pfSense Community Edition 22022-05-24
CVEList
CVE-2020-19203: An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget2021-07-12
CVE-2020-19203 — Cross-site Scripting in Pfsense | cvebase