Vulnerabilities > Netgate > Pfsense > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-25 | CVE-2019-12949 | Cross-site Scripting vulnerability in Netgate Pfsense 2.4.4 In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. | 6.1 |
| 2019-06-03 | CVE-2019-12584 | Cross-site Scripting vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | 6.1 |
| 2019-05-29 | CVE-2019-12347 | Cross-site Scripting vulnerability in Netgate Pfsense 2.4.4 In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. | 6.1 |