EIP-2026-100971
PRE-CVEpfSense UTM Platform 2.0.1 - Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100971. PoCs published by Dimitris Strevinas.
AI-analyzed exploit summary This is a vulnerability writeup describing a semi-persistent XSS and CSRF vulnerability in pfSense <= 2.0.1 during IPSec XAuth authentication. The exploit involves injecting JavaScript/HTML code as a username during authentication, which is then reflected in the IPSec logs.
Description
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
Exploits (1)
This is a vulnerability writeup describing a semi-persistent XSS and CSRF vulnerability in pfSense <= 2.0.1 during IPSec XAuth authentication. The exploit involves injecting JavaScript/HTML code as a username during authentication, which is then reflected in the IPSec logs.