Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2025/09/09 8:23 p.m.14 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS0.03396EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:23 p.m.7 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.3AI score0.03396EPSS
Exploits0References6
OSV
OSV
added 2025/09/09 8:19 p.m.5 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1CVSS5.3AI score0.00793EPSS
Exploits0References6
CVE
CVE
added 2025/09/09 7:59 p.m.16 views

CVE-2025-34173

Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...

5.3CVSS6.2AI score0.00836EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder