Описание
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.
Ссылки
- Patch
- Issue TrackingPatch
- Patch
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:netgate:pfsense:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:netgate:pfsense_acme_package:0.6.3:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.0071
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 9.6
github
почти 3 года назад
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.
EPSS
Процентиль: 72%
0.0071
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-79
CWE-79