Rapid7 Vulnerability & Exploit Database

pfSense: pfSense-SA-15_07.webgui: Multiple Stored XSS Vulnerabilities in the pfSense WebGUI

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/01/2015
Created: 07/25/2018
Added: 08/25/2017
Modified: 03/27/2020

Description

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities were found in the pfSense WebGUI. The "Descriptive Name" field of Certificate Authorities, Certificates, and Certificate Revocation Lists was not being sanitized or encoded properly in certain cases. As a result, stored XSS was possible when values entered in these fields were displayed to the user.

List of affected pages:

  • usr/local/www/system_certmanager.php (Discovered by Hari Hara Subramani)
  • usr/local/www/vpn_openvpn_server.php (Discovered by Hari Hara Subramani)
  • usr/local/www/system_camanager.php (Discovered Internally)
  • usr/local/www/system_crlmanager.php (Discovered Internally)
  • usr/local/www/vpn_openvpn_client.php (Discovered Internally)
  • usr/local/www/vpn_ipsec_phase1.php (Discovered Internally)
  • usr/local/www/system_authservers.php (Discovered Internally)
  • usr/local/www/system_usermanager.php (Discovered Internally)
  • usr/local/www/system_advanced_admin.php (Discovered Internally)
  • usr/local/www/services_captiveportal.php (Discovered Internally)
  • usr/local/www/wizards/openvpn_wizard.inc (Discovered Internally)

Due to the lack of proper encoding on the affected variables and pages, arbitrary JavaScript can be executed in the user's browser. The user's session cookie or other information from the session may be compromised.
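The following added example (not code from pfSense or from this advisory) audits a configuration export for stored "Descriptive Name" values that contain HTML metacharacters, and contrasts unencoded output with encode-on-output rendering. The `<ca>`/`<cert>`/`<crl>` layout with `<refid>` and `<descr>` children is an assumption about the export format, the sample data is constructed, and all function names are hypothetical.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample input. The <ca>/<cert>/<crl> elements with <refid> and
# <descr> children are an assumed layout for a configuration export.
SAMPLE_CONFIG = """<pfsense>
  <ca><refid>ca1</refid><descr><![CDATA[Internal Root CA]]></descr></ca>
  <cert><refid>c1</refid><descr><![CDATA[WebGUI <script>alert(1)</script>]]></descr></cert>
  <cert><refid>c2</refid><descr><![CDATA[OpenVPN server cert]]></descr></cert>
  <crl><refid>r1</refid><descr><![CDATA[CRL <b>2015</b>]]></descr></crl>
</pfsense>"""

# Characters that change meaning in HTML text or attribute context.
HTML_META = re.compile(r"[<>\"'&]")
SECTIONS = ("ca", "cert", "crl")


def audit_descriptive_names(config_xml):
    """Return (section, refid, descr) for stored names containing HTML metacharacters."""
    root = ET.fromstring(config_xml)
    findings = []
    for section in SECTIONS:
        for entry in root.iter(section):
            descr = entry.findtext("descr", default="")
            if HTML_META.search(descr):
                findings.append((section, entry.findtext("refid", default=""), descr))
    return findings


def render_row_unencoded(descr):
    """The flawed pattern: the stored value is concatenated into markup as-is."""
    return "<td>" + descr + "</td>"


def render_row_encoded(descr):
    """The corrected pattern: encode on output, safe for text and attribute contexts."""
    return "<td>" + html.escape(descr, quote=True) + "</td>"


if __name__ == "__main__":
    for section, refid, descr in audit_descriptive_names(SAMPLE_CONFIG):
        print(f"{section} {refid}: {descr!r}")
        print("  encoded:", render_row_encoded(descr))
```

A hit from the audit is not proof of exploitation, only a stored value worth reviewing before and after upgrading.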

Solution(s)

  • pfsense-upgrade-latest
