2 matches found
PT-2022-26332 · Pfsense · Pfsense
Name of the Vulnerable Software and Affected Versions: pfSense version 2.5.2
Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name, due to a cross-site scripting (XSS) vulnerability in the browser.php component...
Command injection
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...