Description
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by dave b · textremotehardware
https://www.exploit-db.com/exploits/35070
exploitdb
WORKING POC
VERIFIED
by dave b · textremotehardware
https://www.exploit-db.com/exploits/35068
exploitdb
WORKING POC
VERIFIED
by dave b · textremotehardware
https://www.exploit-db.com/exploits/35069
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/22/18
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/24/7
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2010/12/06/7
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Nov/43
Scores
EPSS
0.0052
EPSS Percentile
67.0%
Details
CWE
CWE-79
Status
published
Products (1)
bsdperimeter/pfsense
2.0 beta4
Published
Dec 07, 2010
Tracked Since
Feb 18, 2026