First published: Mon Oct 03 2022(Updated: )
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
pfSense pfSense | =2.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-42247.
The severity of CVE-2022-42247 is medium with a CVSS score of 6.1.
The affected software version is pfSense v2.5.2.
The vulnerability is a cross-site scripting (XSS) vulnerability in the browser.php component of pfSense v2.5.2.
Attackers can exploit CVE-2022-42247 by injecting a crafted payload into a file name, allowing them to execute arbitrary web scripts or HTML.