What is CVE-2019-12347?

CVE-2019-12347 is a vulnerability in N/a. Published 2019-05-29.

Is CVE-2019-12347 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12347

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.

EPSS: 0.732 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

redmine.pfsense.org/issues/9554 (x_refsource_MISC)
www.pfsense.org/download/ (x_refsource_MISC)
ctrsec.io/index.php/2019/05/28/stored-xss-acme-pfsense-2-4-4-p3/ (x_refsource_MISC)
packetstormsecurity.com/files/153112/pfSense-2.4.4-p3-Cross-Site-Scripting.html (x_refsource_MISC)
github.com/pfsense/FreeBSD-ports/commit/504909564079e540689dbdbed3a579483c614275 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-12347?: CVE-2019-12347 is a vulnerability in N/a. Published 2019-05-29.
Is CVE-2019-12347 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.