Pfsense Security Vulnerabilities and Issues — Pfsense CVE List

Lucene search

NetgatePfsense

10 matches found

CVE•added 2015/04/01 2:59 p.m.•62 views

CVE-2015-2294

Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add acti...

4.3CVSS5.6AI score0.013EPSS

CVE•added 2015/08/18 3:59 p.m.•49 views

CVE-2015-6508

Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.

4.3CVSS6.5AI score0.01297EPSS

CVE•added 2014/07/02 10:35 a.m.•42 views

CVE-2014-4692

pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

4.3CVSS6.2AI score0.00072EPSS

CVE•added 2015/08/18 3:59 p.m.•40 views

CVE-2015-4029

Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.

4.3CVSS6.5AI score0.01297EPSS

CVE•added 2015/08/18 3:59 p.m.•40 views

CVE-2015-6510

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to d...

4.3CVSS6.7AI score0.00087EPSS

CVE•added 2014/07/02 10:35 a.m.•35 views

CVE-2014-4687

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status....

4.3CVSS5.9AI score0.00087EPSS

CVE•added 2015/08/18 3:59 p.m.•35 views

CVE-2015-6509

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolv...

4.3CVSS6.7AI score0.00087EPSS

CVE•added 2014/07/02 10:35 a.m.•34 views

CVE-2014-4694

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.

4.3CVSS5.9AI score0.00055EPSS

CVE•added 2015/08/18 3:59 p.m.•32 views

CVE-2015-6511

Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.

4.3CVSS6.5AI score0.00087EPSS

CVE•added 2014/07/02 10:35 a.m.•26 views

CVE-2014-4693

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.

4.3CVSS6AI score0.00055EPSS