Vulnerabilities > Netgate > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-11457 | Cross-site Scripting vulnerability in Netgate Pfsense pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. | 5.4 |
| 2019-09-26 | CVE-2019-16914 | Cross-site Scripting vulnerability in Netgate Pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. | 6.1 |
| 2019-06-25 | CVE-2019-12949 | Cross-site Scripting vulnerability in Netgate Pfsense 2.4.4 In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. | 6.1 |
| 2019-06-03 | CVE-2019-12584 | Cross-site Scripting vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | 6.1 |
| 2019-05-29 | CVE-2019-12347 | Cross-site Scripting vulnerability in Netgate Pfsense 2.4.4 In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. | 6.1 |
| 2019-02-20 | CVE-2019-8953 | Cross-site Scripting vulnerability in Netgate Haproxy The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | 6.1 |