Advisory February 6, 2013

Obrela Security Industries Advisory (OSI-1301)

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, which are exploited by sending JavaScript/HTML code as the username during the XAuth user authentication phase.

For further information please see here:
For more information about pfSense see the main site:

pfSense is a very popular Open Source Firewall and Routing distribution that has been downloaded well over 1 million times.