CVE-2020-21487: XSS
First published: Tue Apr 04 2023(Updated: )
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | =2.4.4 | |
| Netgate Pfsense Acme Package | =0.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-21487?
The severity of CVE-2020-21487 is critical with a CVSS score of 9.6.
What is the description of CVE-2020-21487?
CVE-2020-21487 is a Cross-Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3, allowing attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.
Which software versions are affected by CVE-2020-21487?
Netgate pfSense 2.4.4 and ACME package v.0.6.3 are affected by CVE-2020-21487.
How can an attacker exploit CVE-2020-21487?
Attackers can exploit CVE-2020-21487 by injecting malicious code through the RootFolder field of acme_certificates.php.
Are there any references for CVE-2020-21487?
Yes, you can find references for CVE-2020-21487 at the following links: [Link 1](https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8), [Link 2](https://redmine.pfsense.org/issues/9888).
- collector/nvd-index
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.4.4
- canonical/netgate pfsense acme package
- version/netgate pfsense acme package/0.6.3