CVE-2020-11457

MEDIUM

pfSense < 2.4.5 - Stored Cross-Site Scripting via User Full Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11457. PoCs published by Matthew Aberegg.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in pfSense 2.4.4-P3 via the 'descr' parameter in the User Manager. The payload is injected into the user's Full Name field and triggers when navigating to the privilege assignment page.

Description

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

Exploits (1)

exploitdb WORKING POC
by Matthew Aberegg · text · webapps · freebsd
https://www.exploit-db.com/exploits/48300


Classification
Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: pfSense 2.4.4-P3
Auth required
Prerequisites: Valid session cookie (PHPSESSID) · Access to the pfSense administration panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0928
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
netgate/pfsense < 2.4.5
Published Apr 01, 2020
Tracked Since Feb 18, 2026