Vulnerabilities > Netgate

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-10797 Cross-Site Scripting vulnerability in Netgate Pfsense
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version.
network
netgate CWE-79
4.3
2020-04-01 CVE-2020-11457 Cross-Site Scripting vulnerability in Netgate Pfsense
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
network
netgate CWE-79
3.5
2019-09-26 CVE-2019-16667 Cross-Site Request Forgery (CSRF) vulnerability in Netgate Pfsense 2.4.4
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands.
network
netgate CWE-352
6.8
2019-09-26 CVE-2019-16915 Improper Input Validation vulnerability in Netgate Pfsense
An issue was discovered in pfSense through 2.4.4-p3.
network
low complexity
netgate CWE-20
7.5
2019-09-26 CVE-2019-16914 Cross-Site Scripting vulnerability in Netgate Pfsense
An XSS issue was discovered in pfSense through 2.4.4-p3.
network
netgate CWE-79
4.3
2019-09-25 CVE-2019-16701 OS Command Injection vulnerability in Netgate Pfsense
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
network
low complexity
netgate CWE-78
critical
9.0
2019-06-25 CVE-2019-12949 Cross-Site Scripting vulnerability in Netgate Pfsense 2.4.4
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server.
network
netgate CWE-79
4.3
2019-06-03 CVE-2019-12585 OS Command Injection vulnerability in multiple products
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
network
low complexity
apcupsd netgate CWE-78
7.5
2019-06-03 CVE-2019-12584 Cross-Site Scripting vulnerability in multiple products
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
4.3
2019-05-29 CVE-2019-12347 Cross-Site Scripting vulnerability in Netgate Pfsense 2.4.4
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action.
network
netgate CWE-79
4.3