pfSense: pfSense-SA-23_09.webgui: XSS vulnerability in the WebGUI

A potential Cross-Site Scripting (XSS) vulnerability was found in
status_logs_filter_dynamic.php, a component of the pfSense Plus and pfSense CE
software GUI.

The page does not always validate or sanitize the value of the "interface"
variable from user input when using RAW mode ("filtersubmit=1"), which then may
be printed without encoding inside a block of JavaScript code.

This problem is present on pfSense Plus version 23.05.1, pfSense CE version
2.7.0, and earlier versions of both.

Due to the lack of proper encoding on the affected parameters susceptible to
XSS, arbitrary JavaScript could be executed in the user's browser. The user's
session cookie or other information from the session may be compromised.

The user must be logged in and have sufficient privileges to access
status_logs_filter_dynamic.php.