pfSense 2.5.2 Community Edition

CPE Details

2022-04-07 15h14 +00:00
2022-08-18 09h44 +00:00

CPE Name: cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:community:*:*:*

Information

Vendor: pfsense

Product: pfsense

Version: 2.5.2

Software Edition: community

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-42247 | 2022-10-03 13h31 +00:00 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. | 6.1 | Medium |
| CVE-2021-20729 | 2022-03-31 05h20 +00:00 | Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | 6.1 | Medium |
| CVE-2021-41282 | 2022-03-01 21h45 +00:00 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | 8.8 | High |
| CVE-2022-23993 | 2022-01-26 17h22 +00:00 | /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | 6.1 | Medium |