ReportizFlow
Filtered by vendor Pfsense
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42247 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 6.1 Medium |
| pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. | ||||
| CVE-2022-23993 | 1 Pfsense | 2 Pfsense, Pfsense Plus | 2024-11-21 | 6.1 Medium |
| /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | ||||
| CVE-2022-21132 | 1 Pfsense | 1 Pfsense-pkg-wireguard | 2024-11-21 | 6.5 Medium |
| Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. | ||||
| CVE-2021-41282 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 8.8 High |
| diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | ||||
| CVE-2021-27933 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 6.1 Medium |
| pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | ||||
| CVE-2021-20729 | 2 Netgate, Pfsense | 2 Pfsense Plus, Pfsense | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | ||||
| CVE-2020-26693 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. | ||||
| CVE-2019-18667 | 1 Pfsense | 1 Pfsense-pkg-freeradius3 | 2024-11-21 | 6.1 Medium |
| /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. | ||||
| CVE-2016-10709 | 1 Pfsense | 1 Pfsense | 2024-11-21 | N/A |
| pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | ||||
| CVE-2024-46538 | 2 Netgate, Pfsense | 2 Pfsense, Pfsense | 2024-10-30 | 9.3 Critical |
| A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | ||||