CVE-2010-4412 – pfSense - 'interfaces.php?if' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4412
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
• https://www.exploit-db.com/exploits/35071
• https://www.exploit-db.com/exploits/35069
• https://www.exploit-db.com/exploits/35068
• https://www.exploit-db.com/exploits/35070
• http://openwall.com/lists/oss-security/2010/11/22/18
• http://openwall.com/lists/oss-security/2010/11/24/7
• http://openwall.com/lists/oss-security/2010/12/06/7
• http://seclists.org/fulldisclosure/2010/Nov/43
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1182
https://notcve.org/view.php?id=CVE-2008-1182
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://blog.pfsense.org/?p=170
• http://secunia.com/advisories/29126
• http://www.securityfocus.com/bid/28072
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40967
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')