Page 2 of 8 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. Una vulnerabilidad de comprobación de entrada inapropiada en pfSense CE y pfSense Plus (versiones de software de pfSense CE anteriores a 2.6.0 y versiones de software de pfSense Plus anteriores a 22.01) permite a un atacante remoto con el privilegio de cambiar la configuración del cliente o del servidor OpenVPN ejecutar un comando arbitrario • https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc https://jvn.jp/en/jp/JVN87751554/index.html • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. Una vulnerabilidad de tipo cross-site scripting en pfSense CE y pfSense Plus (software pfSense CE versiones 2.5.2 y anteriores, y software pfSense Plus versiones 21.05 y anteriores) permite a un atacante remoto inyectar un script arbitrario por medio de una URL maliciosa • https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc https://jvn.jp/en/jp/JVN87751554/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. /usr/local/www/pkg.php en pfSense CE antes de 2.6.0 y pfSense Plus antes de 22.01 utiliza $_REQUEST['pkg_filter'] en una llamada de eco de PHP, lo que provoca XSS • https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •