What is CVE-2019-12584?

CVE-2019-12584 is a Cross-Site Scripting (XSS) vulnerability in Apcupsd 0.3.91_5, which is used in pfSense through 2.4.4-RELEASE-p3 and other products.

What is the severity of CVE-2019-12584?

The severity of CVE-2019-12584 is medium (CVSS score: 6.1).

How does CVE-2019-12584 affect Apcupsd and pfSense?

CVE-2019-12584 affects Apcupsd 0.3.91_5 in pfSense through 2.4.4-RELEASE-p3 and other products, allowing for Cross-Site Scripting (XSS) attacks through apcupsd_status.php.

What is the fix for CVE-2019-12584?

To fix CVE-2019-12584, it is recommended to update Apcupsd to a version that addresses the XSS issue, such as Apcupsd 0.3.91_6 or later.

Is there any additional information about CVE-2019-12584?

Yes, you can find additional information about CVE-2019-12584 on the CTRSec website, GitHub repository, and the pfSense Redmine issue.

Vulnerability/
CVE-2019-12584

medium

6.1

CWE

3/6/2019

4/8/2024

CVE-2019-12584: XSS

First published: Mon Jun 03 2019(Updated: )

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apcupsd Apcupsd	=0.3.91_5
Netgate pfSense	<2.4.4
Netgate pfSense	=2.4.4
Netgate pfSense	=2.4.4-p1
Netgate pfSense	=2.4.4-p2
Netgate pfSense	=2.4.4-p3

Remedy

https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-12584?
CVE-2019-12584 is a Cross-Site Scripting (XSS) vulnerability in Apcupsd 0.3.91_5, which is used in pfSense through 2.4.4-RELEASE-p3 and other products.
What is the severity of CVE-2019-12584?
The severity of CVE-2019-12584 is medium (CVSS score: 6.1).
How does CVE-2019-12584 affect Apcupsd and pfSense?
CVE-2019-12584 affects Apcupsd 0.3.91_5 in pfSense through 2.4.4-RELEASE-p3 and other products, allowing for Cross-Site Scripting (XSS) attacks through apcupsd_status.php.
What is the fix for CVE-2019-12584?
To fix CVE-2019-12584, it is recommended to update Apcupsd to a version that addresses the XSS issue, such as Apcupsd 0.3.91_6 or later.
Is there any additional information about CVE-2019-12584?
Yes, you can find additional information about CVE-2019-12584 on the CTRSec website, GitHub repository, and the pfSense Redmine issue.

collector/nvd-index
agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/description
agent/event
agent/remedy
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/apcupsd
canonical/apcupsd apcupsd
version/apcupsd apcupsd/0.3.91_5
vendor/netgate
canonical/netgate pfsense
version/netgate pfsense/2.4.4
version/netgate pfsense/2.4.4-p1
version/netgate pfsense/2.4.4-p2
version/netgate pfsense/2.4.4-p3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.