{"id":"CVE-2020-21487","details":"Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.","modified":"2026-03-14T10:26:06.288639Z","published":"2023-04-04T15:15:08.147Z","references":[{"type":"FIX","url":"https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8"},{"type":"FIX","url":"https://redmine.pfsense.org/issues/9888"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/FreeBSD-ports","events":[{"introduced":"0"},{"last_affected":"cce2c24e75bd0c986602bb7027d235c9dff7cde0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.4-NA"}]}},{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"a6f443cde51e7fcf17e51f16014d3589253284d8"}]}],"versions":["END-OF-2015Q4","devel_before_hashes_changed","v2.4.4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.6.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21487.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}