CVE-2020-11457

pfsense/pfsense

on github

Published

April 1, 2020

Severity

CVSS v3:

5.4 MEDIUM

CVSS v2:

3.5 LOW

Description

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:netgate:pfsense::::::::	n/a	2.4.5	*

External Links

NVD - CVE-2020-11457