Lucene search
K

878 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.6 views

CVE-2025-34172

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

4.8CVSS6.2AI score0.00963EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.7 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS6.1AI score0.03396EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 9:15 p.m.13 views

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.4CVSS0.03396EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 9:15 p.m.13 views

CVE-2025-34177

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.4CVSS0.00793EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 9:15 p.m.12 views

CVE-2025-34176

In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...

5.3CVSS0.14008EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 8:23 p.m.4 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.6AI score0.03396EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:23 p.m.7 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.3AI score0.03396EPSS
Exploits0References6
CVE
CVE
added 2025/09/09 8:23 p.m.25 views

CVE-2025-34178

The CVE refers to pfSense CE with the Suricata package where the policy_name parameter is not sanitized of HTML-related strings before display, causing stored XSS. Connected sources specify this affects Netgate pfSense CE Suricata package (notably v7.0.8_2 in CVE-2025-34178 listings) and require ...

5.4CVSS5.6AI score0.03396EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/09/09 8:23 p.m.9 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS0.03396EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 8:19 p.m.3 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.6AI score0.00793EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:19 p.m.5 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.3AI score0.00793EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/09 8:19 p.m.16 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS0.00793EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 8:19 p.m.20 views

CVE-2025-34177

PfSense CE with Suricata package is affected by a stored XSS in suricata_flow_stream.php: the policy_name parameter is not sanitized, allowing reflected HTML/JS content to persist when displayed. Exploitation requires authentication with at least WebCfg - Services: suricata package permissions. T...

5.4CVSS5.6AI score0.00793EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/09 8:15 p.m.6 views

CVE-2025-34174

In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...

5.4CVSS0.09815EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 8:15 p.m.12 views

CVE-2025-34175

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

6.1CVSS0.14775EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 8:15 p.m.5 views

CVE-2025-34173

In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...

5.3CVSS0.00836EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 8:15 p.m.6 views

CVE-2025-34172

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

6.1CVSS0.00963EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 8:14 p.m.5 views

CVE-2025-34176 Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure

In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...

5.3CVSS6.1AI score0.14008EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/09 8:14 p.m.11 views

CVE-2025-34176 Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure

In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...

5.3CVSS0.14008EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 8:14 p.m.18 views

CVE-2025-34176

Summary of impact : CVE-2025-34176 affects pfSense CE with the Suricata package, where the iplist parameter in /suricata/suricata_ip_reputation.php is not sanitized against directory-traversal strings. This leads to a file existence check that reveals whether a file exists, enabling authenticated...

5.3CVSS6.2AI score0.14008EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder