CVE-2020-21219 — Cross-site Scripting in Acme
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 30.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 15
Description
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7