Multiple Cross-Site Scripting (XSS) vulnerabilities were found in the Captive
Portal area of the pfSense software WebGUI on version 2.3.2_1 and earlier.
List of parameters vulnerable to reflected XSS:
* status_captiveportal.php: "order", "zone"
* status_captiveportal_expire.php: "zone"
* status_captiveportal_test.php: "zone"
* status_captiveportal_voucher_rolls.php: "zone"
* status_captiveportal_vouchers.php: "zone"
Due to the lack of proper encoding on the affected variables and pages
The user's session cookie or other information from the session may be