A Cross-Site Scripting (XSS) vulnerability was found in diag_dns.php, a part of
the pfSense software WebGUI, on version 2.3.4 and earlier (2.3.x branch) and on
version 2.4.1 and earlier (2.4.x branch).
On diag_dns.php, the "hostname" parameter was being utilized without encoding in
Due to the lack of proper encoding on the affected variable susceptible to XSS,
cookie or other information from the session may be compromised.