Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pfsense
(Netgate)Repositories | https://github.com/opnsense/core |
#Vulnerabilities | 49 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-07-12 | CVE-2020-19201 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. | Pfsense | 5.4 | ||
2021-07-12 | CVE-2020-19203 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS. | Pfsense | 5.4 | ||
2022-03-31 | CVE-2022-24299 | Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. | Pfsense, Pfsense_plus | 8.8 | ||
2022-03-31 | CVE-2022-26019 | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | Pfsense, Pfsense_plus | 8.8 | ||
2022-12-15 | CVE-2020-21219 | Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | Acme, Pfsense | 6.1 | ||
2023-02-22 | CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | Pfsense | 6.1 | ||
2023-03-17 | CVE-2023-27253 | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | Pfsense | 8.8 | ||
2023-04-04 | CVE-2020-21487 | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. | Pfsense, Pfsense_acme_package | 9.6 | ||
2023-11-14 | CVE-2023-42325 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | Pfsense | 5.4 | ||
2023-11-14 | CVE-2023-42327 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | Pfsense | 5.4 |