pfSense: pfSense-SA-17_05.webgui: Multiple XSS vulnerabilities in the WebGUI

Cross-Site Scripting (XSS) vulnerabilities were found in three pages of the
pfSense software WebGUI on version 2.3.4 and earlier.

* On vendor/filebrowser/browser.php, which is part of the "Browse" function on
diag_edit.php, the "filename" parameter can be used to trigger an XSS if a
file exists with a specially-crafted name.

In order to exploit this, a user must be able to write files with arbitrary
names to the firewall and then coerce an administrator with GUI access to load
that same file in diag_edit.php through the file browser.

* On firewall_nat_edit.php, the "interface" parameter was not validated on save,
so a specially-crafted submission could store an interface with a name that
could trigger an XSS through the dst_change() JavaScript function on the page.

* On diag_tables.php, the "type" parameter which contains the table name to
display was not being validated against a list of current tables. The
unvalidated parameter was submitted back via AJAX to load the invalid table,
and was presented to the user unencoded.

Due to the lack of proper encoding on the affected variable susceptible to XSS,
arbitrary JavaScript can be executed in the user's browser. The user's session
cookie or other information from the session may be compromised.