pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, exploited by sending Javascript/HTML code as a username during the XAuth user authentication phase.
For further information please see here: https://www.exploit-db.com/exploits/24439
For more information about pfSense see the main site: https://www.pfsense.org/
pfSense is a very popular Open Source Firewall and Routing distribution that has been downloaded well over 1 million times.
