What is the severity of CVE-2021-20729?

The severity of CVE-2021-20729 is medium with a severity value of 6.1.

How does CVE-2021-20729 affect pfSense CE?

CVE-2021-20729 affects pfSense CE versions 2.5.2 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.

How does CVE-2021-20729 affect pfSense Plus?

CVE-2021-20729 affects pfSense Plus versions 21.05 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.

What is the Common Weakness Enumeration (CWE) for CVE-2021-20729?

The Common Weakness Enumeration (CWE) for CVE-2021-20729 is CWE-79.

Where can I find more information about CVE-2021-20729?

You can find more information about CVE-2021-20729 at the following references: [link1](https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc), [link2](https://jvn.jp/en/jp/JVN87751554/index.html).

Vulnerability/
CVE-2021-20729

31/3/2022

8/4/2022

CVE-2021-20729

First published: Thu Mar 31 2022(Updated: )

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Netgate pfSense Plus	<=21.05
pfSense pfSense	<=2.5.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-20729?
The severity of CVE-2021-20729 is medium with a severity value of 6.1.
How does CVE-2021-20729 affect pfSense CE?
CVE-2021-20729 affects pfSense CE versions 2.5.2 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.
How does CVE-2021-20729 affect pfSense Plus?
CVE-2021-20729 affects pfSense Plus versions 21.05 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.
What is the Common Weakness Enumeration (CWE) for CVE-2021-20729?
The Common Weakness Enumeration (CWE) for CVE-2021-20729 is CWE-79.
Where can I find more information about CVE-2021-20729?
You can find more information about CVE-2021-20729 at the following references: [link1](https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc), [link2](https://jvn.jp/en/jp/JVN87751554/index.html).

collector/nvd-index
agent/description
agent/tags
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/netgate
canonical/netgate pfsense plus
version/netgate pfsense plus/21.05
vendor/pfsense
canonical/pfsense pfsense
version/pfsense pfsense/2.5.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.