exploitDog

CVE-2025-34175

Опубликовано: 09 сент. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.

Ссылки

https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4
Patch
https://redmine.pfsense.org/issues/16414
Issue Tracking
https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-reflected-xss
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pfsense:pfsense:*:*:*:*:community:*:*:*

Версия до 2.8.0 (исключая)

EPSS

Процентиль: 7%

0.00026

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qp2j-287f-6vvg

CVSS3: 6.1

github

5 месяцев назад

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.

EPSS

Процентиль: 7%

0.00026

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79