Obrela Security Industries Advisory (OSI-1301)

6 February 2013

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, which are exploited by sending JavaScript/HTML code as the username during the XAuth user authentication phase.

For further information please see here: http://www.exploit-db.com/exploits/24439/
For more information about pfSense see the main site: http://www.pfsense.org/

pfSense is a very popular open source firewall and routing distribution that has been downloaded well over 1 million times.