Cross-Site Scripting Vulnerability in pfSense Firewall
CVE-2019-16914

6.1 MEDIUM

Key Information:

Vendor: Netgate

Status
Vendor
CVE Published: 26 September 2019

What is CVE-2019-16914?

An XSS vulnerability has been identified in pfSense versions up to 2.4.4-p3, specifically involving the services_captiveportal_mac.php file. The vulnerability occurs due to improper sanitization of the username and delmac parameters, which could allow an attacker to execute malicious scripts in the context of the affected user's session. This could lead to unauthorized access or data manipulation within the pfSense interface.

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
