Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.7 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS6.1AI score0.03396EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 9:15 p.m.13 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.4CVSS0.03396EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:23 p.m.7 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.3AI score0.03396EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.9 views

PT-2025-36957

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The policy name parameter in /suricata/suricata app parsers.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored...

5.1CVSS5.3AI score0.03396EPSS
Exploits0References4
Rows per page
Query Builder