EQSTLab / CVE-2024-46538

Proof-of-Concept for CVE-2024-46538

Versions that are affected by this vulnerability #1

Open Prathameshhankare opened 2 weeks ago

Prathameshhankare commented 2 weeks ago

I see that only pfSense version 2.5.2 is mentioned. Does it affect any previous versions as well?

EQSTLab commented 2 weeks ago

I am sorry for the late reply. The NVD description only mentions v2.5.2, but `htmlspecialchars($memberses)` is not handled across versions (before this commit: https://github.com/pfsense/pfsense/commit/9a843098cf3f28c27c3e615c4c788c84bd29df6f), so you might want to check that out. We only checked up to v2.5.2 per the NVD description and not beyond, so you need to verify this separately with a PoC.