Rapid7 Vulnerability & Exploit Database

pfSense: pfSense-SA-15_05.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI

Back to Search

pfSense: pfSense-SA-15_05.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/15/2015
Created
07/25/2018
Added
08/25/2017
Modified
03/27/2020

Description

Multiple Cross-Site Scripting (XSS) vulnerabilities were found in the pfSense WebGUI after receiving a tip from Nicholas Starke about load_balancer_pool_edit.php which lead to further discoveries in related areas during our internal investigation. * Stored XSS via the "name" and "descr" parameters in /usr/local/www/load_balancer_pool_edit.php * Stored XSS via the "name" and "descr" parameters in /usr/local/www/load_balancer_monitor_edit.php * Stored XSS via the "monitor" parameter in /usr/local/www/load_balancer_pool.php * Stored XSS via the "poolname" and "sitedown" parameters in /usr/local/www/load_balancer_virtual_server.php * Stored XSS via the "name" parameter in /usr/local/www/load_balancer_virtual_server_edit.php * Stored XSS via the configuration revision description in /usr/local/www/diag_confbak.php Due to the lack of proper encoding on the affected variables and pages, arbitrary JavaScript can be executed in the user's browser. The user's session cookie or other information from the session may be compromised. To take advantage of this vulnerability a user with privileges to edit the values on the affected pages is required.

Solution(s)

  • pfsense-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;