Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10528
HistoryApr 01, 2015 - 12:00 a.m.

KLA10528 Code injection vulnerability in pfsense

2015-04-0100:00:00
Kaspersky Lab
threats.kaspersky.com
21

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.88 High

EPSS

Percentile

98.6%

JSON

Detect date:

04/01/2015

Severity:

Warning

Description:

Cross-site scripting vulnerabilities were found in pfSense. By exploiting these vulnerabilities malicious users can enject arbitrary sctip or HTML. These vulnerabilities can be exploited remotely via a specially designed parameters for web interface.

Affected products:

pfSense versions earlier than 2.2.1

Solution:

Update to the latest version
Get pfSense

Original advisories:

pfSense advisory

Impacts:

CI

Related products:

pfSense

CVE-IDS:

CVE-2015-22944.3Warning

Exploitation:

Public exploits exist for this vulnerability.

Related

checkpoint_advisories 1
prion 1
cve 1
securityvulns 2
nessus 1
exploitpack 1
htbridge 1
openvas 1
packetstorm 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)
2015-04-14 00:00:00
prion
prion
Cross site scripting
2015-04-01 14:59:00
cve
cve
CVE-2015-2294
2015-04-01 14:59:00
securityvulns
securityvulns
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
2015-05-11 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-05-11 00:00:00
nessus
nessus
pfSense < 2.2.1 Multiple Vulnerabilities (SA-15_02 - SA-15_04)
2018-01-31 00:00:00
exploitpack
exploitpack
pfSense 2.2 - Multiple Vulnerabilities
2015-03-26 00:00:00
htbridge
htbridge
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
2015-03-04 00:00:00
openvas
openvas
pfSense Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
2015-08-21 00:00:00
packetstorm
packetstorm
pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting
2015-03-25 00:00:00
exploitdb
exploitdb
pfSense 2.2 - Multiple Vulnerabilities
2015-03-26 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.88 High

EPSS

Percentile

98.6%

JSON
Related for KLA10528
checkpoint_advisories1prion1cve1securityvulns2nessus1exploitpack1htbridge1openvas1packetstorm1exploitdb1