exploitDog

CVE-2025-34172

Опубликовано: 09 сент. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

Ссылки

https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64
Patch
https://redmine.pfsense.org/issues/16411
Issue Tracking
https://www.vulncheck.com/advisories/netgate-pf-sense-ce-ha-proxy-reflected-xss
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pfsense:pfsense:*:*:*:*:community:*:*:*

Версия до 2.8.0 (исключая)

EPSS

Процентиль: 9%

0.00033

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qqrm-vqhm-v6vg

CVSS3: 6.1

github

5 месяцев назад

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

EPSS

Процентиль: 9%

0.00033

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79