CVE-2019-18667: XSS
First published: Sat Nov 02 2019(Updated: )
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pfsense Pfsense-pkg-freeradius3 | <0.15.7_3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18667?
CVE-2019-18667 is a vulnerability in the freeradius3 package before version 0.15.7_3 for pfSense on FreeBSD that allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
How does CVE-2019-18667 affect pfSense and the freeradius3 package?
CVE-2019-18667 affects the freeradius3 package before version 0.15.7_3 for pfSense on FreeBSD, allowing an attacker to execute arbitrary javascript code on a victim browser by using an XSS payload as a password or username.
What is the severity of CVE-2019-18667?
CVE-2019-18667 has a severity level of medium (6.1).
How can I fix CVE-2019-18667?
To fix CVE-2019-18667, it is recommended to update the freeradius3 package to version 0.15.7_3 or later for pfSense on FreeBSD.
Where can I find more information about CVE-2019-18667?
More information about CVE-2019-18667 can be found at the following reference: https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/pfsense
- canonical/pfsense pfsense-pkg-freeradius3