CVE-2025-34178
In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
PT-2025-36957
Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified)
Description: The policy name parameter in /suricata/suricataappparsers.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored...