Vulnerabilities > Pfsense > Pfsense > 1.0.x
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-03 | CVE-2011-5047 | Cross-Site Scripting vulnerability in Pfsense Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter. | 4.3 |
| 2012-01-03 | CVE-2011-4197 | Permissions, Privileges, and Access Controls vulnerability in Pfsense etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. | 7.5 |