A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26693
Reference (s):
- https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c