{"id":"CVE-2020-21219","details":"Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.","modified":"2026-03-13T21:49:17.636446Z","published":"2022-12-15T19:15:15.510Z","references":[{"type":"ADVISORY","url":"https://redmine.pfsense.org/issues/9888"},{"type":"FIX","url":"https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/FreeBSD-ports","events":[{"introduced":"0"},{"last_affected":"3d2a117caf1fdca4b1c2495c5b0d20700cb0354c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.4-p3"}]}},{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"a6f443cde51e7fcf17e51f16014d3589253284d8"}]}],"versions":["END-OF-2015Q4","devel_before_hashes_changed","v2.4.4","v2.4.4_1","v2.4.4_2","v2.4.4_3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21219.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.6.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}