CVE

CVE-2018-5191

CVE-2018-5191

/usr/local/www/csrf/csrf-magic.php in the WebGUI in pfSense before 2.4.2-RELEASE allows Clickjacking on the CSRF error page because the error detection occurs before an X-Frame-Options header is set.

Source: CVE-2018-5191

Exit mobile version