freenas logo 100x100The Learn FreeNAS blog reported about two recently found security flaws in FreeNAS, which will only affect those connected to the internet.

  1. Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
  2. Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.