CVE-2021-20729

2022-03-3108:15:08

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.

CPENameOperatorVersion
pfsenseeqRoot_RELENG_1_2
pfsenseeq2.5.2
pfsenseeqRELENG_2_2_BETA

Name	Operator	Version
pfsense	eq	Root_RELENG_1_2
pfsense	eq	2.5.2
pfsense	eq	RELENG_2_2_BETA

References

docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc

jvn.jp/en/jp/JVN87751554/index.html