← back
CVE-2021-20729

CVE-2021-20729

EPSS 2.8%
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
Affected products
pfSense · pfSense CE and pfSense Plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.aschttps://jvn.jp/en/jp/JVN87751554/index.html