Short Name |
HTTP:PFSENSE-ZONE-CSS3 |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
pfSense WebGUI Zone Parameter Cross-Site Scripting3 |
Release Date |
2017/04/05 |
Update Number |
2855 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to services_captiveportal_zones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.