CVE-2019-16914: XSS
First published: Thu Sep 26 2019(Updated: )
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | <2.4.4 | |
| Netgate pfSense | =2.4.4 | |
| Netgate pfSense | =2.4.4-p1 | |
| Netgate pfSense | =2.4.4-p2 | |
| Netgate pfSense | =2.4.4-p3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-16914.
What is the severity of CVE-2019-16914?
The severity of CVE-2019-16914 is medium.
What is the affected software for CVE-2019-16914?
The affected software for CVE-2019-16914 is Netgate pfSense version 2.4.4-p3 and earlier.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for CVE-2019-16914 is CWE-79.
How can I fix CVE-2019-16914?
To fix CVE-2019-16914, it is recommended to update to a patched version of Netgate pfSense.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.4.4
- version/netgate pfsense/2.4.4-p1
- version/netgate pfsense/2.4.4-p2
- version/netgate pfsense/2.4.4-p3