← back
CVE-2024-46538

CVE-2024-46538

CVSS 9.3 CRITICALEPSS 77.9%CWE-79
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected products
n/a · n/a
public PoCs found2
githubgithub.com/EQSTLab/CVE-2024-4653851githubgithub.com/LauLeysen/CVE-2024-465384
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/physicszq/web_issue/blob/main/pfsense/interfaces_groups_edit_file.md_xss.mdhttps://redmine.pfsense.org/issues/15778