Intrusion Prevention

ESF.pfSense.Squid.Clwarn.PHP.XSS

Description

This indicates an attack attempt against a Cross-Site Scripting vulnerability in ESF pfSense.
The vulnerability is due to insufficient validation of a maliciously crafted HTTP request. An attacker can exploit this to execute arbitrary script code within the context of the application.

Affected Products

PFSense Project PFSense 2.3.1-RELEASE-p1

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of application.

Recommended Actions

Upgrade to the latest version, available from the website.
https://www.pfsense.org/security/advisories/pfSense-SA-16_06.squid.asc