Cross-Site Scripting Vulnerability in pfSense by Netgate
CVE-2011-5047

Currently unrated

Key Information:

Vendor: Pfsense
Status: Pfsense
Vendor: CVE Published:; 3 January 2012

What is CVE-2011-5047?

A cross-site scripting vulnerability exists in pfSense prior to version 2.0.1, specifically in the status_rrd_graph.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the style parameter. Exploiting this vulnerability can lead to unauthorized actions on behalf of users, data theft, or session hijacking. It is crucial for users of affected pfSense versions to apply available patches or updates to mitigate this risk.

References

http://www.securityfocus.com/bid/51169

vdb-entryx_refsource_BID

http://www.osvdb.org/77981

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/72090

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2012
Vulnerability Reserved
Jan 3, 2012

Pfsense

What is CVE-2011-5047?

References

Timeline