An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense prior to 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgate pfsense |