CVE-2024-54779 — Cross-site Scripting in Pfsense CE

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 84.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 14

Description

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

GHSA

GHSA-43qr-pjmr-cgfv: Netgate pfSense CE (prior to 2↗2025-05-14

▶