Vulnerabilities > Netgate > Pfsense
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-46538 | Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2 A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | 4.8 |
| 2023-12-06 | CVE-2023-48123 | Unspecified vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | 8.8 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
| 2023-11-14 | CVE-2023-42325 | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | 5.4 |
| 2023-11-14 | CVE-2023-42327 | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | 5.4 |
| 2023-03-17 | CVE-2023-27253 | XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0 A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | 8.8 |
| 2023-02-22 | CVE-2022-29273 | Cross-site Scripting vulnerability in Netgate Pfsense pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | 6.1 |
| 2022-12-15 | CVE-2020-21219 | Cross-site Scripting vulnerability in Netgate Acme and Pfsense Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | 6.1 |
| 2022-03-31 | CVE-2022-24299 | Improper Input Validation vulnerability in Netgate Pfsense and Pfsense Plus Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. | 6.5 |
| 2022-03-31 | CVE-2022-26019 | Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | 8.8 |