XSS vulnerability in pfsense v2.5.2
The path of the XSS vulnerability in file https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vendor/filebrowser/browser.php
In this file we get the list of dirs and files in specific directory through the function get_content.
Then we print the list of files as we can see in this simplified code.
// ----- read contents -----