pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
References
Link | Resource |
---|---|
https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a | Exploit Patch Third Party Advisory |
https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e | Patch Third Party Advisory |
Configurations
History
05 Oct 2022, 14:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Pfsense
Pfsense pfsense |
|
CPE | cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
References | (MISC) https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e - Patch, Third Party Advisory | |
References | (MISC) https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a - Exploit, Patch, Third Party Advisory |
03 Oct 2022, 16:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-03 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-42247
Mitre link : CVE-2022-42247
CVE.ORG link : CVE-2022-42247
JSON object : View
Products Affected
pfsense
- pfsense
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')