Vulnerability Description
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgate | Pfsense Plus | <= 21.05 |
| Pfsense | Pfsense | <= 2.5.2 |
Related Weaknesses (CWE)
References
- https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.ascThird Party Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlThird Party AdvisoryVDB Entry
- https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.ascThird Party Advisory
- https://jvn.jp/en/jp/JVN87751554/index.htmlThird Party AdvisoryVDB Entry
FAQ
What is CVE-2021-20729?
CVE-2021-20729 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inj...
How severe is CVE-2021-20729?
CVE-2021-20729 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20729?
Check the references section above for vendor advisories and patch information. Affected products include: Netgate Pfsense Plus, Pfsense Pfsense.