Overview
- Description: A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 4.8
- Impact score: 2.7
- Exploitability score: 1.7
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Actively exploited CVE : CVE-2024-46538
@transilienceai
17 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-46538
@transilienceai
6 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-46538: XSS in pfSense, 9.3 rating 🔥 XSS allows an attacker to perform arbitrary code execution in the user's browser. Now it has a PoC! Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/dc1TxgsQSa #cybersecurity #vulnerability_map #pfsense https://t.co/4AqP85n
@Netlas_io
5 Nov 2024
3859 Impressions
13 Retweets
56 Likes
27 Bookmarks
1 Reply
0 Quotes
🚨CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published A critical XSS vulnerability (CVE-2024-46538) has been identified in pfSense v2.5.2, exposing systems to remote exploitation. Discovered by researcher physicszq, the flaw affects the… https://t
@Ransom_DB
4 Nov 2024
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unpatched #XSS Flaw in #pfSense Allows Remote Exploits, #PoC Published Stay informed about pfSense vulnerability CVE-2024-46538. Find out how this XSS flaw can be exploited to execute arbitrary web scripts or HTML on affected systems https://t.co/FxP9LOjOAh
@the_yellow_fall
4 Nov 2024
2241 Impressions
13 Retweets
41 Likes
12 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45216 2 - CVE-2024-38821 3 - CVE-2023-23397 4 - CVE-2024-51378 5 - CVE-2024-46538 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Nov 2024
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2024-46538 : PfSense Stored XSS Vulnerability A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. #bugbountytips
@cy6erf0x
2 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-46538: Critical #pfSense Vulnerability A stored XSS in pfSense v2.5.2 allows attackers to inject malicious scripts via $pconfig in interfaces_groups_edit.php, potentially leading to RCE if exploited ZoomEye Dork app:"pfSense Firewall httpd" reveals 612k exposed instances
@Clon3R17320
1 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-46538 PfSense Stored XSS lead to RCE PoC https://t.co/zC4hFfc9iK
@momika233
31 Oct 2024
2265 Impressions
16 Retweets
39 Likes
16 Bookmarks
0 Replies
0 Quotes
🚨PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE https://t.co/bKsnch9wcL https://t.co/2FSPyuAx1Q
@DarkWebInformer
30 Oct 2024
33375 Impressions
29 Retweets
129 Likes
71 Bookmarks
1 Reply
2 Quotes
#exploit 1. CVE-2024-46538: PfSense Stored XSS lead to RCE https://t.co/vUesdOWtWH 2. CVE-2024-8353: GiveWP PHP Object Injection https://t.co/vP0hdnetFt 3. CVE-2024-21305: Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability https://t.co/D94i5ipdWw
@akaclandestine
25 Oct 2024
1403 Impressions
16 Retweets
18 Likes
9 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-46538: PfSense Stored XSS lead to RCE https://t.co/8dNiDgVadB 2. CVE-2024-8353: GiveWP PHP Object Injection https://t.co/FuDSBkSp7w 3. CVE-2024-21305: Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability https://t.co/mTbo11WGyQ
@ksg93rd
24 Oct 2024
312 Impressions
3 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
Proof-of-Concept for CVE-2024-46538 https://t.co/0V0r72LpCq #Pentesting #CyberSecurity #Infosec https://t.co/y3fYa1CZ8E
@ptracesecurity
24 Oct 2024
1165 Impressions
4 Retweets
15 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - EQSTLab/CVE-2024-46538: PoC for CVE-2024-46538 - https://t.co/FMQHdEMjKE
@piedpiper1616
23 Oct 2024
3273 Impressions
15 Retweets
55 Likes
12 Bookmarks
3 Replies
0 Quotes
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netgate:pfsense:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBD3896-7E10-4B29-BCCB-7F3E9F659B7D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]