XSS Vulnerability in pfSense 2.5.0 by Netgate
CVE-2021-27933

6.1MEDIUM

Key Information:

Vendor: Pfsense
Status: Pfsense
Vendor: CVE Published:; 28 April 2021

What is CVE-2021-27933?

pfSense version 2.5.0 is vulnerable to a Cross-Site Scripting (XSS) attack through the services_wol_edit.php file, specifically via the Description field. This allows attackers to inject malicious scripts, potentially leading to unauthorized actions performed in the context of a user's session. Proper validation and sanitization of user-inputted data are crucial for preventing exploitation of this vulnerability.

References

http://seclists.org/fulldisclosure/2021/Apr/61

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2021
Vulnerability Reserved
Mar 3, 2021

Pfsense

What is CVE-2021-27933?

References

CVSS V3.1

Timeline