Posted by Curesec Research Team (CRT) on Mar 27

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: pfsense 2.3.2
Fixed in: 2.3.3
Fixed Version Link: https://pfsense.org/download/
Vendor Website: https://www.pfsense.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 02/06/2017
Disclosed to public: 03/24/2017
Release mode: Coordinated Release
CVE: requested via DWF
Credits Tim Coen of…