vendor:
pfSense
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: pfSense
Affected Version From: 2 Beta 4
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:pfsense:pfsense:2_beta_4
Platforms Tested:
Unknown
Cross-Site Scripting Vulnerabilities in pfSense
The pfSense firewall software is prone to multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.
Mitigation:
It is recommended to update to the latest version of pfSense to mitigate these vulnerabilities. Additionally, users should be cautious when visiting untrusted websites or clicking on suspicious links.