CVE-2014-4687

Name of the Vulnerable Software and Affected Versions pfSense versions prior to 2.1.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including starttime0 to "firewall schedule.php", rssfeed to "rss.widget.php", servicestatusfilter to "services status.widget.php", txtRecallBuffer to "exec.php", or the HTTP Referer header to "log.widget.php".

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.