CVE-2019-16914

An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
References
Link Resource
https://github.com/pfsense/pfsense/commit/d31362b69d5d52dc196dc72f66e830cd1e6e9a4f Patch Third Party Advisory
https://redmine.pfsense.org/issues/9609 Permissions Required Third Party Advisory
https://www.seebug.org/vuldb/ssvid-98023 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*
cpe:2.3:a:netgate:pfsense:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:netgate:pfsense:2.4.4:p1:*:*:*:*:*:*
cpe:2.3:a:netgate:pfsense:2.4.4:p2:*:*:*:*:*:*
cpe:2.3:a:netgate:pfsense:2.4.4:p3:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-26 18:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-16914

Mitre link : CVE-2019-16914

CVE.ORG link : CVE-2019-16914


JSON object : View

Products Affected

netgate

  • pfsense
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')