Bug #15778
Updated by Jim Pingle 14 days ago
When submitting interface group members on @interfaces_groups_edit.php@ the member list is not validated before it is then stored in the configuration. The group member list is then printed without encoding on @interfaces_groups.php@, leading to a potential stored XSS. Original report URL: https://github.com/physicszq/web_issue/blob/main/pfsense/interfaces_groups_edit_file.md_xss.md