CVE-2014-4693

2014-07-0210:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.

References

pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc