Lucene search

[email protected]NVD:CVE-2022-42247

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2022-42247

2022-10-0316:15:14

CWE-79

[email protected]

web.nvd.nist.gov

pfsense

cross-site scripting

xss vulnerability

browser.php

arbitrary web scripts

html

crafted payload

file name

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.8%

JSON

pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.

Affected configurations

Nvd

Node

pfsensepfsenseMatch2.5.2

VendorProductVersionCPE
pfsensepfsense2.5.2cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pfsense	pfsense	2.5.2	cpe:2.3:a:pfsense:pfsense:2.5.2:::::::*

References

gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a

github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.8%

JSON

Related for NVD:CVE-2022-42247

osv1 prion1 cve1 cvelist1