878 matches found
CVE-2025-34176
Summary of impact : CVE-2025-34176 affects pfSense CE with the Suricata package, where the iplist parameter in /suricata/suricata_ip_reputation.php is not sanitized against directory-traversal strings. This leads to a file existence check that reveals whether a file exists, enabling authenticated...
CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
CVE-2025-34175
The CVE pertains to pfSense CE with Suricata package (suricata_filecheck.php). The vulnerability arises because the filehash parameter is output directly without HTML sanitization, enabling reflected XSS when a user is authenticated. Affected component: /usr/local/www/suricata/suricata_filecheck....
CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...
CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34174
The CVE affects pfSense CE in the Status Traffic Totals feature: /usr/local/www/status_traffic_totals.php processes the start-day parameter. The parameter is not validated as numeric nor sanitized for HTML, allowing the value to be saved as the default display for all users, which triggers stored...
CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34173
Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...
CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...
CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...
CVE-2025-34172
CVE-2025-34172 affects pfSense CE (Netgate pfSense CE HAProxy package). The vulnerability exists in haproxy_stats.php where the value of the showsticktablecontent parameter is read from HTTP GET requests and then displayed, enabling reflected cross-site scripting when the victim is authenticated....
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the iplist parameter not cleaning up directory...
PT-2025-36943
Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /suricata/suricata ip reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg -...
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the policyname parameter not being cleaned of...