Advisory February 6, 2013

Obrela Security Industries Advisory (OSI-1301)

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, which are exploited by sending JavaScript/HTML code as the username during the XAuth user authentication phase.

For further information please see here: https://www.exploit-db.com/exploits/24439
For more information about pfSense see the main site: https://www.pfsense.org/

pfSense is a very popular open source firewall and routing distribution that has been downloaded well over 1 million times.