Vulnerabilities > Pfsense > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-29973 Allocation of Resources Without Limits or Throttling vulnerability in Pfsense 2.6.0
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
network
low complexity
pfsense CWE-770
4.9
2022-10-03 CVE-2022-42247 Cross-site Scripting vulnerability in Pfsense 2.5.2
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component.
network
low complexity
pfsense CWE-79
6.1
2022-03-31 CVE-2021-20729 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
4.3
2022-03-10 CVE-2022-21132 Path Traversal vulnerability in Pfsense Pfsense-Pkg-Wireguard 0.1.6
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.
network
low complexity
pfsense CWE-22
4.0
2022-01-26 CVE-2022-23993 Cross-site Scripting vulnerability in Pfsense and Pfsense Plus
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
network
pfsense CWE-79
4.3
2021-04-28 CVE-2021-27933 Cross-site Scripting vulnerability in Pfsense 2.5.0
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
network
pfsense CWE-79
4.3
2019-11-02 CVE-2019-18667 Cross-site Scripting vulnerability in Pfsense Pfsense-Pkg-Freeradius3
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
network
pfsense CWE-79
4.3
2014-07-02 CVE-2014-4696 Remote Security vulnerability in Pfsense
Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.
network
netgate pfsense
5.8
2014-07-02 CVE-2014-4695 Remote Security vulnerability in Pfsense
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.
network
netgate pfsense
5.8
2014-07-02 CVE-2014-4694 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.
4.3