mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
828 B
828 B
CVE-2024-57273
Description
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key.
POC
Reference
Github
No PoCs found on GitHub currently.