Two Security Alerts for FreeNAS
The NVD (National Vulnerability Database) has issued two security alerts for FreeNAS.
1. Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
2. Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
If your FreeNAS is in anyway connected to the Internet it is recommended that you upgrade. If your FreeNAS is on a secure LAN then these issues will probably not affect you.