Lucene search

[email protected]NVD:CVE-2020-21487

HistoryApr 04, 2023 - 3:15 p.m.

CVE-2020-21487

2023-04-0415:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-21487

acme package

cross site scripting

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.

Affected configurations

Nvd

Node

netgatepfsenseMatch2.4.4-

netgatepfsense_acme_packageMatch0.6.3

VendorProductVersionCPE
netgatepfsense2.4.4cpe:2.3:a:netgate:pfsense:2.4.4:-:*:*:*:*:*:*
netgatepfsense_acme_package0.6.3cpe:2.3:a:netgate:pfsense_acme_package:0.6.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgate	pfsense	2.4.4	cpe:2.3:a:netgate:pfsense:2.4.4:-::::::
netgate	pfsense_acme_package	0.6.3	cpe:2.3:a:netgate:pfsense_acme_package:0.6.3:::::::*

References

github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8

redmine.pfsense.org/issues/9888

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Related for NVD:CVE-2020-21487

osv1 cvelist1 cve1 prion1