8 matches found
CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...
CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...
Design/Logic Flaw
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...
CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...
CVE-2022-29273
CVE-2022-29273 affects pfSense CE up to version 2.6.0 and pfSense Plus up to 22.04/22.05; it enables cross-site scripting in the WebGUI via URL Table Alias URL parameters. The available connected docs confirm the flaw and affected versions; there are no explicit exploit details. Remediation prese...
PT-2023-12967 · Unknown · pfSense CE +1
Name of the Vulnerable Software and Affected Versions: pfSense CE versions 2.6.0 and earlier; pfSense Plus versions prior to 22.05. Description: The issue allows for XSS in the WebGUI via URL Table Alias URL parameters. This means an attacker could potentially inject malicious scripts into the web...
CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...
Alternative LIMIT
Teaser. Here is an alternative to LIMIT for when the following characters cannot be used in the URL: space, comma, ', /, %. Because of these restrictions, the alternative whitespace characters %09, %0A, ... and // are ruled out. That leaves the alternative syntax using parentheses. But the limit syntax does not allow even those: Code: ... limit1,100 -- error...