CVE-2020-19203: XSS
First published: Mon Jul 12 2021(Updated: )
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | <2.4.4 | |
| Netgate pfSense | =2.4.4 | |
| Netgate pfSense | =2.4.4-p1 | |
| Netgate pfSense | =2.4.4-p2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this cross-site scripting vulnerability?
The vulnerability ID for this cross-site scripting vulnerability is CVE-2020-19203.
What is the severity of CVE-2020-19203?
The severity of CVE-2020-19203 is medium with a CVSS score of 5.4.
Which software is affected by CVE-2020-19203?
CVE-2020-19203 affects the pfSense software WebGUI version 2.4.4-p2 and earlier.
How can I fix CVE-2020-19203?
To fix CVE-2020-19203, it is recommended to update pfSense to version 2.4.4-p3 or later.
Where can I find more information about CVE-2020-19203?
You can find more information about CVE-2020-19203 in the following references: [link1], [link2], [link3].
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.4.4
- version/netgate pfsense/2.4.4-p1
- version/netgate pfsense/2.4.4-p2