Lucene search

K
cve[email protected]CVE-2020-19203
HistoryJul 12, 2021 - 4:15 p.m.

CVE-2020-19203

2021-07-1216:15:08
CWE-79
web.nvd.nist.gov
24
3
xss
authenticated
vulnerability
pfsense
webgui
stored xss
nvd
cve-2020-19203

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.3%

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.

Affected configurations

NVD
Node
netgatepfsenseRange<2.4.4
OR
netgatepfsenseMatch2.4.4-
OR
netgatepfsenseMatch2.4.4p1
OR
netgatepfsenseMatch2.4.4p2
CPENameOperatorVersion
netgate:pfsensenetgate pfsenselt2.4.4

Social References

More

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.3%

Related for CVE-2020-19203