Vulnerabilities > Opnsense Project

DATE CVE VULNERABILITY TITLE RISK
2018-01-03 CVE-2017-1000479 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set.
6.8