A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and previous versions. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgate pfsense 2.4.4 |
||
netgate pfsense |