CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.1%

CVSS Severity

CVSS v3 Score 9.6

References

https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8
https://redmine.pfsense.org/issues/9888
https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8
https://redmine.pfsense.org/issues/9888

Products affected by CVE-2020-21487

Netgate » Pfsense » Version: 2.4.4

cpe:2.3:a:netgate:pfsense:2.4.4
Netgate » Pfsense Acme Package » Version: 0.6.3

cpe:2.3:a:netgate:pfsense_acme_package:0.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-21487

Products

Pricing

Contact Us