Vulnerabilities (CVE)

Filtered by vendor Pfsense Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-23993	1 Pfsense	2 Pfsense, Pfsense Plus	2022-04-29	4.3 MEDIUM	6.1 MEDIUM
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
CVE-2020-26693	1 Pfsense	1 Pfsense	2021-06-09	3.5 LOW	5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
CVE-2021-27933	1 Pfsense	1 Pfsense	2021-05-01	4.3 MEDIUM	6.1 MEDIUM
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
CVE-2019-18667	1 Pfsense	1 Pfsense-pkg-freeradius3	2019-11-07	4.3 MEDIUM	6.1 MEDIUM
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.