Vendor CVEs
Pfsense
All CVEs
58 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-69691 | Cri | 0.64 | 9.9 | 0.01 | May 8, 2026 | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code. | ||
| CVE-2016-10709 | Hig | 0.63 | 8.8 | 0.34 | Jan 22, 2018 | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | ||
| CVE-2025-69690 | Cri | 0.59 | 9.1 | 0.01 | May 8, 2026 | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are… | ||
| CVE-2018-16055 | Hig | 0.58 | 8.8 | 0.11 | Sep 26, 2018 | An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This… | ||
| CVE-2025-12490 | Hig | 0.52 | 8.8 | 0.19 | Nov 6, 2025 | Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists… | ||
| CVE-2022-31814 | 0.10 | — | 0.86 | Sep 5, 2022 | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | |||
| CVE-2021-41282 | 0.10 | — | 0.87 | Mar 1, 2022 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the… | |||
| CVE-2019-12347 | 0.08 | — | 0.59 | May 29, 2019 | In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors. | |||
| CVE-2015-2295 | 0.08 | — | 0.66 | Apr 10, 2015 | Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | |||
| CVE-2024-46538 | 0.07 | — | 0.78 | Oct 22, 2024 | A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | |||
| CVE-2022-40624 | 0.07 | — | 0.17 | Dec 20, 2022 | pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | |||
| CVE-2019-16667 | 0.07 | — | 0.55 | Sep 26, 2019 | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | |||
| CVE-2019-8953 | 0.07 | — | 0.52 | Feb 20, 2019 | The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||
| CVE-2017-1000479 | Hig | 0.06 | 8.8 | 0.33 | Jan 3, 2018 | pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork… | ||
| CVE-2014-4688 | 0.04 | — | 0.07 | Jul 2, 2014 | pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php. | |||
| CVE-2010-4412 | 0.03 | — | 0.02 | Dec 7, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or… | |||
| CVE-2010-4246 | 0.03 | — | 0.02 | Dec 7, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182. | |||
| CVE-2015-4029 | 0.02 | — | 0.20 | Aug 18, 2015 | Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. | |||
| CVE-2015-2294 | 0.02 | — | 0.24 | Apr 1, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue… | |||
| CVE-2025-34176 | 0.01 | — | 0.14 | Sep 9, 2025 | In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server… | |||
| CVE-2022-29273 | 0.01 | — | 0.60 | Feb 22, 2023 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | |||
| CVE-2019-12949 | 0.01 | — | 0.03 | Jun 25, 2019 | In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a… | |||
| CVE-2025-34177 | 0.00 | — | 0.01 | Sep 9, 2025 | In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg… | |||
| CVE-2025-34173 | 0.00 | — | 0.01 | Sep 9, 2025 | In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals… | |||
| CVE-2025-34172 | 0.00 | — | 0.01 | Sep 9, 2025 | In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated. | |||
| CVE-2023-29975 | 0.00 | — | 0.02 | Nov 9, 2023 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | |||
| CVE-2023-29973 | 0.00 | — | 0.02 | Oct 24, 2023 | Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. | |||
| CVE-2020-19678 | 0.00 | — | 0.03 | Apr 6, 2023 | Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | |||
| CVE-2020-21487 | 0.00 | — | 0.01 | Apr 4, 2023 | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. | |||
| CVE-2022-42247 | 0.00 | — | 0.02 | Oct 3, 2022 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. | |||
| CVE-2022-21132 | 0.00 | — | 0.02 | Mar 7, 2022 | Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. | |||
| CVE-2022-23993 | 0.00 | — | 0.02 | Jan 26, 2022 | /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | |||
| CVE-2020-26693 | 0.00 | — | 0.05 | Jun 1, 2021 | A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. | |||
| CVE-2021-27933 | 0.00 | — | 0.27 | Apr 28, 2021 | pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | |||
| CVE-2020-10797 | 0.00 | — | 0.02 | Apr 29, 2020 | An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. | |||
| CVE-2019-16914 | 0.00 | — | 0.02 | Sep 26, 2019 | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. | |||
| CVE-2019-16915 | 0.00 | — | 0.04 | Sep 26, 2019 | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. | |||
| CVE-2019-16701 | 0.00 | — | 0.20 | Sep 25, 2019 | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | |||
| CVE-2019-12585 | 0.00 | — | 0.05 | Jun 3, 2019 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | |||
| CVE-2019-12584 | 0.00 | — | 0.03 | Jun 3, 2019 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | |||
| CVE-2019-11816 | 0.00 | — | 0.03 | May 20, 2019 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | |||
| CVE-2018-20799 | 0.00 | — | 0.02 | Mar 1, 2019 | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for… | |||
| CVE-2018-20798 | 0.00 | — | 0.01 | Mar 1, 2019 | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions. | |||
| CVE-2015-6511 | 0.00 | — | 0.02 | Aug 18, 2015 | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. | |||
| CVE-2015-6510 | 0.00 | — | 0.02 | Aug 18, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6)… | |||
| CVE-2015-6509 | 0.00 | — | 0.02 | Aug 18, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries,… | |||
| CVE-2015-6508 | 0.00 | — | 0.02 | Aug 18, 2015 | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. | |||
| CVE-2014-4696 | 0.00 | — | 0.02 | Jul 2, 2014 | Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl… | |||
| CVE-2014-4695 | 0.00 | — | 0.02 | Jul 2, 2014 | Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter… | |||
| CVE-2014-4694 | 0.00 | — | 0.02 | Jul 2, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables. |
- risk 0.64cvss 9.9epss 0.01
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
- risk 0.63cvss 8.8epss 0.34
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
- risk 0.59cvss 9.1epss 0.01
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are…
- risk 0.58cvss 8.8epss 0.11
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This…
- risk 0.52cvss 8.8epss 0.19
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists…
- CVE-2022-31814Sep 5, 2022risk 0.10cvss —epss 0.86
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
- CVE-2021-41282Mar 1, 2022risk 0.10cvss —epss 0.87
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the…
- CVE-2019-12347May 29, 2019risk 0.08cvss —epss 0.59
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
- CVE-2015-2295Apr 10, 2015risk 0.08cvss —epss 0.66
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
- CVE-2024-46538Oct 22, 2024risk 0.07cvss —epss 0.78
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
- CVE-2022-40624Dec 20, 2022risk 0.07cvss —epss 0.17
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
- CVE-2019-16667Sep 26, 2019risk 0.07cvss —epss 0.55
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
- CVE-2019-8953Feb 20, 2019risk 0.07cvss —epss 0.52
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
- risk 0.06cvss 8.8epss 0.33
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork…
- CVE-2014-4688Jul 2, 2014risk 0.04cvss —epss 0.07
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
- CVE-2010-4412Dec 7, 2010risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or…
- CVE-2010-4246Dec 7, 2010risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.
- CVE-2015-4029Aug 18, 2015risk 0.02cvss —epss 0.20
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.
- CVE-2015-2294Apr 1, 2015risk 0.02cvss —epss 0.24
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue…
- CVE-2025-34176Sep 9, 2025risk 0.01cvss —epss 0.14
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server…
- CVE-2022-29273Feb 22, 2023risk 0.01cvss —epss 0.60
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
- CVE-2019-12949Jun 25, 2019risk 0.01cvss —epss 0.03
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a…
- CVE-2025-34177Sep 9, 2025risk 0.00cvss —epss 0.01
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg…
- CVE-2025-34173Sep 9, 2025risk 0.00cvss —epss 0.01
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals…
- CVE-2025-34172Sep 9, 2025risk 0.00cvss —epss 0.01
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
- CVE-2023-29975Nov 9, 2023risk 0.00cvss —epss 0.02
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
- CVE-2023-29973Oct 24, 2023risk 0.00cvss —epss 0.02
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
- CVE-2020-19678Apr 6, 2023risk 0.00cvss —epss 0.03
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
- CVE-2020-21487Apr 4, 2023risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.
- CVE-2022-42247Oct 3, 2022risk 0.00cvss —epss 0.02
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
- CVE-2022-21132Mar 7, 2022risk 0.00cvss —epss 0.02
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.
- CVE-2022-23993Jan 26, 2022risk 0.00cvss —epss 0.02
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
- CVE-2020-26693Jun 1, 2021risk 0.00cvss —epss 0.05
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
- CVE-2021-27933Apr 28, 2021risk 0.00cvss —epss 0.27
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
- CVE-2020-10797Apr 29, 2020risk 0.00cvss —epss 0.02
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
- CVE-2019-16914Sep 26, 2019risk 0.00cvss —epss 0.02
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
- CVE-2019-16915Sep 26, 2019risk 0.00cvss —epss 0.04
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
- CVE-2019-16701Sep 25, 2019risk 0.00cvss —epss 0.20
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
- CVE-2019-12585Jun 3, 2019risk 0.00cvss —epss 0.05
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
- CVE-2019-12584Jun 3, 2019risk 0.00cvss —epss 0.03
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
- CVE-2019-11816May 20, 2019risk 0.00cvss —epss 0.03
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
- CVE-2018-20799Mar 1, 2019risk 0.00cvss —epss 0.02
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for…
- CVE-2018-20798Mar 1, 2019risk 0.00cvss —epss 0.01
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.
- CVE-2015-6511Aug 18, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
- CVE-2015-6510Aug 18, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6)…
- CVE-2015-6509Aug 18, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries,…
- CVE-2015-6508Aug 18, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
- CVE-2014-4696Jul 2, 2014risk 0.00cvss —epss 0.02
Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl…
- CVE-2014-4695Jul 2, 2014risk 0.00cvss —epss 0.02
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter…
- CVE-2014-4694Jul 2, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.
Page 1 of 2