exploitDog

GHSA-qqrm-vqhm-v6vg

Опубликовано: 09 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 4.8

CVSS3: 6.1

Описание

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

Ссылки

EPSS

Процентиль: 9%

0.00033

Низкий

4.8 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-34172

CVSS3: 6.1

nvd

5 месяцев назад

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

EPSS

Процентиль: 9%

0.00033

Низкий

4.8 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79