An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and previous versions. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgate pfsense |
||
netgate pfsense 2.4.4 |