PT-2019-14864 · Netgate · Pfsense
Lorexxar233 · Published 2019-09-26 · Updated 2019-09-27
CVE-2019-16914
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
pfSense versions prior to 2.4.4-p3
Description
A cross-site scripting (XSS) issue was found. The username and delmac parameters in the services_captiveportal_mac.php file are displayed without proper sanitization.
Recommendations
For versions prior to 2.4.4-p3, update to a version that includes the necessary sanitization for the username and delmac parameters to prevent XSS exploitation.
Fix
XSS
Affected Products
Pfsense