Multiple Cross-Site Scripting vulnerabilities were discovered in the pfSense
WebGUI during a security audit.
* Multiple XSS in System > Advanced, Notifications page.
* XSS in captive portal status widget
* XSS in edit.php
Due to the lack of encoding on the affected actions and pages, an attacker
could cause an administrator's browser session to trigger an unwanted
action by getting them to browse to a crafted URL.