2020-04-01 15:47:58
mitre
PUBLISHED
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.