NVD

Id
27407  
Name
CVE-2015-6509  
Description
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-08-18  
Modified Date
2015-08-19  
Seq
2015-6509  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
144039 27407 CVE-2015-6509 https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
8985 JVNDB-2015-004305 pfSense におけるクロスサイトスクリプティングの脆弱性 pfSense には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2015-6509 83734 CVE-2015-6509 27407 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004305.html 2015-06-16 2015-08-24 View