No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-55005 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key. |
Mon, 23 Jun 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Netgate
Netgate pfsense Ce Netgate pfsense Plus |
|
| CPEs | cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:* cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Netgate
Netgate pfsense Ce Netgate pfsense Plus |
Mon, 19 May 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 14 May 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 14 May 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-05T00:59:08.177Z
Reserved: 2025-01-09T00:00:00.000Z
Link: CVE-2024-57273
Updated: 2025-05-14T14:54:41.644Z
Status : Analyzed
Published: 2025-05-14T14:15:26.310
Modified: 2026-06-17T08:13:28.953
Link: CVE-2024-57273
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD