pfSense 2.5.2 XSS in browser.php via crafted file name
CVE-2022-42247 Published on October 3, 2022
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Products Associated with CVE-2022-42247
stack.watch emails you whenever new vulnerabilities are published in pfSense or Netgate Pfsense. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.