Back to CVE Browser

CVE-2009-2739

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile43.50th

PublishedAug 11, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected Platforms (CPE)

📦

Freenas

Freenas

<= 0.69.1

📦

Freenas

Freenas

= 0.69

📦

Freenas

Freenas

= 0.686.3

📦

Freenas

Freenas

= 0.686.4

References & Advisories

🔗 http://jvn.jp/en/jp/JVN89791790/index.html

🔗 http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html

🔗 http://www.freenas.org/index.php?option=com_frontpage&Itemid=22

🔗 http://www.securityfocus.com/bid/36146

🔗 http://jvn.jp/en/jp/JVN89791790/index.html

🔗 http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html

🔗 http://www.freenas.org/index.php?option=com_frontpage&Itemid=22

🔗 http://www.securityfocus.com/bid/36146

Related Vulnerabilities

CVE-2014-53349.8

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui log...

CVE-2020-116507.5

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of serv...

CVE-2009-27384.3

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authe...

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php...