Unrated severityNVD Advisory· Published Apr 1, 2020· Updated Aug 4, 2024
CVE-2020-11457
CVE-2020-11457
Description
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- pfSense/pfSensedescription
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/48300mitreexploitx_refsource_EXPLOIT-DB
- packetstormsecurity.com/files/157104/pfSense-2.4.4-P3-User-Manager-Cross-Site-Scripting.htmlmitrex_refsource_MISC
- github.com/pfsense/pfsense/commit/3c1e53dabe966f27c9097a5a923e77f49ae5fffamitrex_refsource_MISC
- www.netgate.com/assets/downloads/advisories/pfSense-SA-20_06.webgui.ascmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.