pfSense 跨站脚本漏洞

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in pfSense versions prior to 2.5.2, which originates from a php echo in /usr/local/www/pkg.php using $ REQUESTpkg filter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via 1 the id parameter in an olsrd.xml action to pkgedit.php, 2 the xml parameter to pkg.php, or the if parameter to 3 statusgraph.php or 4 interfaces.php, a differe...

pfSense - pkg.php?xml Cross-Site Scripting

pfSense - pkg.php?xml Cross-Site Scripting source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

pfSense Cross Site Scripting

"Those who cannot learn from history are doomed to repeat it." - George Santayana http://cvstrac.pfsense.org/chngview?cn=20994 "Comment: Make scripts XSS input safe. " Date: 2008-Feb-11 23:33:24 local 2008-Feb-12 04:33:24 UTC So in 2010, pfsense 2 beta 4: ... xss - pkgedit.php...