CVE-2010-4246

Description

Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.

Affected products

• bsdperimeter / pfsense1.2.3 – 1.2.3
• bsdperimeter / pfsense2.0 – 2.0

References

• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/22/18
• MISChttp://www.securityfocus.com/bid/44738
• MAILING_LISThttp://openwall.com/lists/oss-security/2010/11/24/7
• VENDOR_ADVISORYhttp://secunia.com/advisories/42138
• MAILING_LISThttp://seclists.org/fulldisclosure/2010/Nov/43