CVE-2023-42327

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:netgate:pfsense:2.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type Values Removed Values Added
References () https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc - Exploit, Vendor Advisory () https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc - Exploit, Vendor Advisory
References () https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/ - () https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/ -

12 Dec 2023, 20:15

Type Values Removed Values Added
References
  • () https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/ -

16 Nov 2023, 23:44

Type Values Removed Values Added
CWE CWE-79
First Time Netgate pfsense
Netgate
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc - () https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc - Exploit, Vendor Advisory
CPE cpe:2.3:a:netgate:pfsense:2.7.0:*:*:*:*:*:*:*

14 Nov 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-14 04:15

Updated : 2024-11-21 08:22


NVD link : CVE-2023-42327

Mitre link : CVE-2023-42327

CVE.ORG link : CVE-2023-42327


JSON object : View

Products Affected

netgate

  • pfsense
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')