Vulnerability Details CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-20729
-
cpe:2.3:a:netgate:pfsense_plus:-
-
cpe:2.3:a:netgate:pfsense_plus:21.02
-
cpe:2.3:a:netgate:pfsense_plus:21.02.2
-
cpe:2.3:a:netgate:pfsense_plus:21.05
-
cpe:2.3:a:pfsense:pfsense:-
-
cpe:2.3:a:pfsense:pfsense:2.2.6
-
cpe:2.3:a:pfsense:pfsense:2.4.4
-
cpe:2.3:a:pfsense:pfsense:2.5.2