CVE-2020-26693

pfsense/pfsense

on github

Published

June 1, 2021

Severity

CVSS v3:

5.4 MEDIUM

CVSS v2:

3.5 LOW

Description

A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.

References

https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:pfsense:pfsense:2.4.5:p1::::::	n/a	n/a	2.4.5

External Links

NVD - CVE-2020-26693