Security Advisory

CVE-2020-10797

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-29 13:29:52

Last updated 2024-08-04 11:14:15

Assigner mitre

State PUBLISHED

Description

An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.

← Browse all CVEs View on cve.org ↗