Vulnerability Description
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgate | pfSense | < 2.4.4 |
Related Weaknesses (CWE)
References
- https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html (Vendor Advisory)
- https://gist.github.com/dharmeshbaskaran/55d546496bfb0ba28117e846d8b785db (Third Party Advisory)
- https://www.netgate.com/assets/downloads/advisories/pfSense-SA-19_04.webgui.asc (Vendor Advisory)
- https://www.pfsense.org/download/ (Product, Release Notes, Vendor Advisory)
FAQ
What is CVE-2020-19203?
CVE-2020-19203 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget d...
How severe is CVE-2020-19203?
CVE-2020-19203 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-19203?
Check the references section above for vendor advisories and patch information. Affected products include: Netgate pfSense.