CVE-2021-20729: XSS
First published: Thu Mar 31 2022(Updated: )
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense Plus | <=21.05 | |
| pfSense pfSense | <=2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-20729?
The severity of CVE-2021-20729 is medium with a severity value of 6.1.
How does CVE-2021-20729 affect pfSense CE?
CVE-2021-20729 affects pfSense CE versions 2.5.2 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.
How does CVE-2021-20729 affect pfSense Plus?
CVE-2021-20729 affects pfSense Plus versions 21.05 and earlier, allowing a remote attacker to inject an arbitrary script via a malicious URL.
What is the Common Weakness Enumeration (CWE) for CVE-2021-20729?
The Common Weakness Enumeration (CWE) for CVE-2021-20729 is CWE-79.
Where can I find more information about CVE-2021-20729?
You can find more information about CVE-2021-20729 at the following references: [link1](https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc), [link2](https://jvn.jp/en/jp/JVN87751554/index.html).
- collector/nvd-index
- agent/softwarecombine
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/netgate
- canonical/netgate pfsense plus
- version/netgate pfsense plus/21.05
- vendor/pfsense
- canonical/pfsense pfsense
- version/pfsense pfsense/2.5.2