CVE-2020-19203 in pfSense and Netgate Products
Published on July 12, 2021
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.
Products Associated with CVE-2020-19203
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-19203 are published in these products:
Exploit Probability
EPSS
1.20%
Percentile
78.56%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.