An XSS issue was discovered in pfSense through 2.4.4-p3. In servicescaptiveportalmac.php, the username and delmac parameters are displayed without sanitization.