First published: Thu Sep 26 2019
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | <2.4.4 | |
| Netgate pfSense | =2.4.4 | |
| Netgate pfSense | =2.4.4-p1 | |
| Netgate pfSense | =2.4.4-p2 | |
| Netgate pfSense | =2.4.4-p3 | |
The vulnerability ID for this issue is CVE-2019-16914.
The severity of CVE-2019-16914 is medium.
The affected software for CVE-2019-16914 is Netgate pfSense version 2.4.4-p3 and earlier.
The Common Weakness Enumeration (CWE) ID for CVE-2019-16914 is CWE-79.
To fix CVE-2019-16914, it is recommended to update to a patched version of Netgate pfSense.