CVE-2020-21487 — Cross-site Scripting in Pfsense

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

9.6CRITICALNVD

EPSS

2.6%

top 14.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgate Pfsense Netgate Pfsense Acme Package

Timeline

PublishedApr 4

Description

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDnetgate/pfsense_acme_package0.6.3

▶NVDnetgate/pfsense2.4.4

Patches

Patch: github.com ↗Patch: redmine.pfsense.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rff5-9cw2-46c6: Cross Site Scripting vulnerability found in Netgate pfSense 2↗2023-04-04

▶

CVEList

CVE-2020-21487: Cross Site Scripting vulnerability found in Netgate pfSense 2↗2023-04-04

▶