Search

Find a vulnerability

Search criteria

    52 vulnerabilities found for pfsense by pfsense

    CVE-2025-69691 (GCVE-0-2025-69691)

    Vulnerability from nvd – Published: 2026-05-08 00:00 – Updated: 2026-05-08 21:29 Disputed
    VLAI
    Summary
    Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69691",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T19:23:39.775069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-915",
                    "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:29:04.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T05:51:51.358Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.linkedin.com/in/nelson-adhepeau/"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-69691",
        "datePublished": "2026-05-08T00:00:00.000Z",
        "dateReserved": "2026-01-09T00:00:00.000Z",
        "dateUpdated": "2026-05-08T21:29:04.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69690 (GCVE-0-2025-69690)

    Vulnerability from nvd – Published: 2026-05-08 00:00 – Updated: 2026-05-08 21:29 Disputed
    VLAI
    Summary
    Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69690",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T19:24:45.021895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-915",
                    "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:29:10.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T05:56:44.429Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.linkedin.com/in/nelson-adhepeau/"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-69690",
        "datePublished": "2026-05-08T00:00:00.000Z",
        "dateReserved": "2026-01-09T00:00:00.000Z",
        "dateUpdated": "2026-05-08T21:29:10.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34178 (GCVE-0-2025-34178)

    Vulnerability from nvd – Published: 2025-09-09 20:23 – Updated: 2025-11-20 12:22
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
    Summary
    In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:04:10.380873Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:29:05.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_app_parsers.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:22:56.508Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-package-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34178",
        "datePublished": "2025-09-09T20:23:44.475Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:22:56.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34177 (GCVE-0-2025-34177)

    Vulnerability from nvd – Published: 2025-09-09 20:19 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
    Summary
    In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:16:14.669013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:16:21.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_flow_stream.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:06.521Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34177",
        "datePublished": "2025-09-09T20:19:09.928Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:06.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34176 (GCVE-0-2025-34176)

    Vulnerability from nvd – Published: 2025-09-09 20:14 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure
    Summary
    In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:23:57.725858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:24:04.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:14.723Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-directory-traversal-information-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34176",
        "datePublished": "2025-09-09T20:14:37.899Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:14.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34175 (GCVE-0-2025-34175)

    Vulnerability from nvd – Published: 2025-09-09 20:09 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T20:20:29.625163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T20:23:06.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In pfSense CE\u0026nbsp;\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/suricata/suricata_filecheck.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003efilehash\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:27.465Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-reflected-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34175",
        "datePublished": "2025-09-09T20:09:50.289Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:27.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34174 (GCVE-0-2025-34174)

    Vulnerability from nvd – Published: 2025-09-09 20:02 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 2.3.2_7 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T20:19:48.685403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T20:19:56.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Status_Traffic_Totals",
              "product": "pfSense CE",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.2_7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:2.3.2_7:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/status_traffic_totals.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003estart-day\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:37.606Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/9e412edf62113303c36c7f7d5a48b0a3fb0be893"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16413"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-status-traffic-totals-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34174",
        "datePublished": "2025-09-09T20:02:05.701Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:37.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34173 (GCVE-0-2025-34173)

    Vulnerability from nvd – Published: 2025-09-09 19:59 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
    Summary
    In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 4.1.6_25 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T20:18:33.100427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T20:18:41.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Snort",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.6_25",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:4.1.6_25:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/snort/snort_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:55.690Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/d6f462bcc446969f8955c16cfde300d5c9ab7435"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16412"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-snort-directory-traversal-information-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34173",
        "datePublished": "2025-09-09T19:59:14.136Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:55.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34172 (GCVE-0-2025-34172)

    Vulnerability from nvd – Published: 2025-09-09 19:43 – Updated: 2025-11-20 12:24
    VLAI
    Title
    Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 0.63_10 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:54:49.041338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:54:57.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "HAproxy",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.63_10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:0.63_10:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e/usr/local/www/haproxy/haproxy_stats.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshowsticktablecontent\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:24:05.777Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16411"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-ha-proxy-reflected-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34172",
        "datePublished": "2025-09-09T19:43:30.508Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:24:05.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53392 (GCVE-0-2025-53392)

    Vulnerability from nvd – Published: 2025-06-28 00:00 – Updated: 2025-06-30 13:32 Disputed
    VLAI
    Summary
    In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense Affected: 2.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53392",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:27:04.222331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:27.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/skraft9/pfsense-security-research"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "pfSense",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.8.0",
                      "versionStartIncluding": "2.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Netgate pfSense CE 2.8.0, the \"WebCfg - Diagnostics: Command\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36 Absolute Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-28T22:27:49.881Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/skraft9/pfsense-security-research"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53392",
        "datePublished": "2025-06-28T00:00:00.000Z",
        "dateReserved": "2025-06-28T00:00:00.000Z",
        "dateUpdated": "2025-06-30T13:32:27.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29975 (GCVE-0-2023-29975)

    Vulnerability from nvd – Published: 2023-11-09 00:00 – Updated: 2024-09-04 13:53
    VLAI
    Summary
    An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:44.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T13:52:29.832801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T13:53:07.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T21:21:01.880Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29975",
        "datePublished": "2023-11-09T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-04T13:53:07.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29974 (GCVE-0-2023-29974)

    Vulnerability from nvd – Published: 2023-11-08 00:00 – Updated: 2024-09-04 19:02
    VLAI
    Summary
    An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-521 - Weak Password Requirements
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:43.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T19:02:30.555844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T19:02:33.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T20:22:31.827Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29974",
        "datePublished": "2023-11-08T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-04T19:02:33.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29973 (GCVE-0-2023-29973)

    Vulnerability from nvd – Published: 2023-10-24 00:00 – Updated: 2024-09-17 13:43
    VLAI
    Summary
    Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:44.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T15:52:21.909936Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:43:23.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T22:13:18.640Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29973",
        "datePublished": "2023-10-24T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T13:43:23.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-69690 (GCVE-0-2025-69690)

    Vulnerability from cvelistv5 – Published: 2026-05-08 00:00 – Updated: 2026-05-08 21:29 Disputed
    VLAI
    Summary
    Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69690",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T19:24:45.021895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-915",
                    "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:29:10.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T05:56:44.429Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.linkedin.com/in/nelson-adhepeau/"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-69690",
        "datePublished": "2026-05-08T00:00:00.000Z",
        "dateReserved": "2026-01-09T00:00:00.000Z",
        "dateUpdated": "2026-05-08T21:29:10.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69691 (GCVE-0-2025-69691)

    Vulnerability from cvelistv5 – Published: 2026-05-08 00:00 – Updated: 2026-05-08 21:29 Disputed
    VLAI
    Summary
    Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69691",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T19:23:39.775069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-915",
                    "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:29:04.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T05:51:51.358Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.linkedin.com/in/nelson-adhepeau/"
            },
            {
              "url": "https://seclists.org/fulldisclosure/2026/Feb/16"
            }
          ],
          "tags": [
            "disputed"
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-69691",
        "datePublished": "2026-05-08T00:00:00.000Z",
        "dateReserved": "2026-01-09T00:00:00.000Z",
        "dateUpdated": "2026-05-08T21:29:04.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34178 (GCVE-0-2025-34178)

    Vulnerability from cvelistv5 – Published: 2025-09-09 20:23 – Updated: 2025-11-20 12:22
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
    Summary
    In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:04:10.380873Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:29:05.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_app_parsers.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:22:56.508Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-package-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34178",
        "datePublished": "2025-09-09T20:23:44.475Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:22:56.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34177 (GCVE-0-2025-34177)

    Vulnerability from cvelistv5 – Published: 2025-09-09 20:19 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
    Summary
    In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:16:14.669013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:16:21.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_flow_stream.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:06.521Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34177",
        "datePublished": "2025-09-09T20:19:09.928Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:06.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34176 (GCVE-0-2025-34176)

    Vulnerability from cvelistv5 – Published: 2025-09-09 20:14 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure
    Summary
    In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:23:57.725858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:24:04.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:14.723Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-directory-traversal-information-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34176",
        "datePublished": "2025-09-09T20:14:37.899Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:14.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34175 (GCVE-0-2025-34175)

    Vulnerability from cvelistv5 – Published: 2025-09-09 20:09 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 7.0.8_2 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T20:20:29.625163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T20:23:06.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Suricata",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.8_2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In pfSense CE\u0026nbsp;\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/suricata/suricata_filecheck.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003efilehash\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:27.465Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16414"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-reflected-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34175",
        "datePublished": "2025-09-09T20:09:50.289Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:27.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34174 (GCVE-0-2025-34174)

    Vulnerability from cvelistv5 – Published: 2025-09-09 20:02 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 2.3.2_7 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T20:19:48.685403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T20:19:56.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Status_Traffic_Totals",
              "product": "pfSense CE",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.2_7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:2.3.2_7:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/status_traffic_totals.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003estart-day\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:37.606Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/9e412edf62113303c36c7f7d5a48b0a3fb0be893"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16413"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-status-traffic-totals-stored-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34174",
        "datePublished": "2025-09-09T20:02:05.701Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:37.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34173 (GCVE-0-2025-34173)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:59 – Updated: 2025-11-20 12:23
    VLAI
    Title
    Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
    Summary
    In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 4.1.6_25 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T20:18:33.100427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T20:18:41.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Snort",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.6_25",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:4.1.6_25:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/snort/snort_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:23:55.690Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/d6f462bcc446969f8955c16cfde300d5c9ab7435"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16412"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-snort-directory-traversal-information-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34173",
        "datePublished": "2025-09-09T19:59:14.136Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:23:55.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34172 (GCVE-0-2025-34172)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:43 – Updated: 2025-11-20 12:24
    VLAI
    Title
    Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
    Summary
    In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense CE Affected: 0.63_10 (custom)
    Create a notification for this product.
    Credits
    Alex Williams (Pellera Technologies)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:54:49.041338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T13:54:57.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "HAproxy",
              "product": "pfSense CE",
              "repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.63_10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense_plus:0.63_10:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alex Williams (Pellera Technologies)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e/usr/local/www/haproxy/haproxy_stats.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshowsticktablecontent\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In pfSense CE\u00a0/usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T12:24:05.777Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://redmine.pfsense.org/issues/16411"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-ha-proxy-reflected-xss"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34172",
        "datePublished": "2025-09-09T19:43:30.508Z",
        "dateReserved": "2025-04-15T19:15:22.567Z",
        "dateUpdated": "2025-11-20T12:24:05.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53392 (GCVE-0-2025-53392)

    Vulnerability from cvelistv5 – Published: 2025-06-28 00:00 – Updated: 2025-06-30 13:32 Disputed
    VLAI
    Summary
    In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Netgate pfSense Affected: 2.8.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53392",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:27:04.222331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:27.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/skraft9/pfsense-security-research"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "pfSense",
              "vendor": "Netgate",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.8.0",
                      "versionStartIncluding": "2.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Netgate pfSense CE 2.8.0, the \"WebCfg - Diagnostics: Command\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36 Absolute Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-28T22:27:49.881Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/skraft9/pfsense-security-research"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53392",
        "datePublished": "2025-06-28T00:00:00.000Z",
        "dateReserved": "2025-06-28T00:00:00.000Z",
        "dateUpdated": "2025-06-30T13:32:27.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29975 (GCVE-0-2023-29975)

    Vulnerability from cvelistv5 – Published: 2023-11-09 00:00 – Updated: 2024-09-04 13:53
    VLAI
    Summary
    An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:44.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T13:52:29.832801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T13:53:07.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T21:21:01.880Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29975",
        "datePublished": "2023-11-09T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-04T13:53:07.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29974 (GCVE-0-2023-29974)

    Vulnerability from cvelistv5 – Published: 2023-11-08 00:00 – Updated: 2024-09-04 19:02
    VLAI
    Summary
    An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-521 - Weak Password Requirements
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:43.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T19:02:30.555844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T19:02:33.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T20:22:31.827Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29974",
        "datePublished": "2023-11-08T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-04T19:02:33.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29973 (GCVE-0-2023-29973)

    Vulnerability from cvelistv5 – Published: 2023-10-24 00:00 – Updated: 2024-09-17 13:43
    VLAI
    Summary
    Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:21:44.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T15:52:21.909936Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:43:23.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T22:13:18.640Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-29973",
        "datePublished": "2023-10-24T00:00:00.000Z",
        "dateReserved": "2023-04-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T13:43:23.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201508-0372

    Vulnerability from variot - Updated: 2025-04-12 23:31

    Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. Electric Sheep Fencing pfSense A cross-site scripting vulnerability exists in WebGUI versions prior to 2.2.3. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfsense",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgate",
            "version": "2.2.2"
          },
          {
            "model": "pfsense",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "pfsense",
            "version": "2.2.2"
          },
          {
            "model": "pfsense",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "electric sheep fencing",
            "version": "2.2.3"
          },
          {
            "model": "sheep fencing llc. pfsense",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "electric",
            "version": "2.2.3"
          },
          {
            "model": "pfsense",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pfsense",
            "version": "2.2.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "BID",
            "id": "75907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pfsense:pfsense",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "William Costa",
        "sources": [
          {
            "db": "BID",
            "id": "75907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-4029",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-4029",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-05671",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-4029",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-4029",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05671",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-677",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. Electric Sheep Fencing pfSense A cross-site scripting vulnerability exists in WebGUI versions prior to 2.2.3. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "BID",
            "id": "75907"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-4029",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "75907",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "BID",
            "id": "75907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "id": "VAR-201508-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:31:22.349000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "pfSense-SA-15_06.webgui",
            "trust": 0.8,
            "url": "https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc"
          },
          {
            "title": "Electric Sheep Fencing Pfsense WebGUI Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93070"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://seclists.org/fulldisclosure/2015/jul/66"
          },
          {
            "trust": 1.6,
            "url": "https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4029"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4029"
          },
          {
            "trust": 0.3,
            "url": "http://www.pfsense.org/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "BID",
            "id": "75907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "BID",
            "id": "75907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "BID",
            "id": "75907"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "date": "2015-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "date": "2015-08-18T15:59:00.097000",
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "BID",
            "id": "75907"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004303"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-4029"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Electric Sheep Fencing Pfsense WebGUI Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05671"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-677"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0131

    Vulnerability from variot - Updated: 2025-04-12 23:28

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. (1) system_advanced_misc.php of proxypass Parameters (2) system_advanced_firewall.php of adaptiveend Parameters (3) system_advanced_firewall.php of adaptivestart Parameters (4) system_advanced_firewall.php of maximumstates Parameters (5) system_advanced_firewall.php of maximumtableentries Parameters (6) system_advanced_firewall.php of aliasesresolveinterval Parameters (7) system_advanced_misc.php of proxyurl Parameters (8) system_advanced_misc.php of proxyuser Parameters (9) system_advanced_misc.php of proxyport Parameters (10) system_advanced_notifications.php of name Parameters (11) system_advanced_notifications.php of notification_name Parameters (12) system_advanced_notifications.php of ipaddress Parameters (13) system_advanced_notifications.php of password Parameters (14) system_advanced_notifications.php of smtpipaddress Parameters (15) system_advanced_notifications.php of smtpport Parameters (16) system_advanced_notifications.php of smtpfromaddress Parameters (17) system_advanced_notifications.php of smtpnotifyemailaddress Parameters (18) system_advanced_notifications.php of smtpusername Parameters (19) system_advanced_notifications.php of smtppassword Parameters. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0131",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfsense",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgate",
            "version": "2.2.2"
          },
          {
            "model": "pfsense",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "electric sheep fencing",
            "version": "2.2.3"
          },
          {
            "model": "sheep fencing llc. pfsense",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "electric",
            "version": "2.2.3"
          },
          {
            "model": "pfsense",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pfsense",
            "version": "2.2.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pfsense:pfsense",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          }
        ]
      },
      "cve": "CVE-2015-6509",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-6509",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-05672",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6509",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6509",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05672",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-410",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. (1) system_advanced_misc.php of proxypass Parameters (2) system_advanced_firewall.php of adaptiveend Parameters (3) system_advanced_firewall.php of adaptivestart Parameters (4) system_advanced_firewall.php of maximumstates Parameters (5) system_advanced_firewall.php of maximumtableentries Parameters (6) system_advanced_firewall.php of aliasesresolveinterval Parameters (7) system_advanced_misc.php of proxyurl Parameters (8) system_advanced_misc.php of proxyuser Parameters (9) system_advanced_misc.php of proxyport Parameters (10) system_advanced_notifications.php of name Parameters (11) system_advanced_notifications.php of notification_name Parameters (12) system_advanced_notifications.php of ipaddress Parameters (13) system_advanced_notifications.php of password Parameters (14) system_advanced_notifications.php of smtpipaddress Parameters (15) system_advanced_notifications.php of smtpport Parameters (16) system_advanced_notifications.php of smtpfromaddress Parameters (17) system_advanced_notifications.php of smtpnotifyemailaddress Parameters (18) system_advanced_notifications.php of smtpusername Parameters (19) system_advanced_notifications.php of smtppassword Parameters. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6509",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "id": "VAR-201508-0131",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:28:46.167000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "pfSense-SA-15_06.webgui",
            "trust": 0.8,
            "url": "https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc"
          },
          {
            "title": "Patch for Electric Sheep Fencing pfsense Cross-Site Scripting Vulnerability (CNVD-2015-05672)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/63146"
          },
          {
            "title": "Electric Sheep Fencing pfsense Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93072"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6509"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6509"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "date": "2015-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "date": "2015-08-18T15:59:08.847000",
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05672"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-6509"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "pfSense Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004305"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-410"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0133

    Vulnerability from variot - Updated: 2025-04-12 23:22

    Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0133",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfsense",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgate",
            "version": "2.2.2"
          },
          {
            "model": "pfsense",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "electric sheep fencing",
            "version": "2.2.3"
          },
          {
            "model": "sheep fencing llc. pfsense",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "electric",
            "version": "2.2.3"
          },
          {
            "model": "pfsense",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pfsense",
            "version": "2.2.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pfsense:pfsense",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          }
        ]
      },
      "cve": "CVE-2015-6511",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-6511",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-05674",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6511",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6511",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05674",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-412",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6511",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "id": "VAR-201508-0133",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:22:14.140000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "pfSense-SA-15_06.webgui",
            "trust": 0.8,
            "url": "https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc"
          },
          {
            "title": "Patch for Electric Sheep Fencing pfsense Cross-Site Scripting Vulnerability (CNVD-2015-05674)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/63147"
          },
          {
            "title": "Electric Sheep Fencing pfsense Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93074"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6511"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6511"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "date": "2015-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "date": "2015-08-18T15:59:10.923000",
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05674"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-6511"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "pfSense Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004307"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-412"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0132

    Vulnerability from variot - Updated: 2025-04-12 23:14

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. pfSense Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. Electric Sheep Fencing pfsense has a cross-site scripting vulnerability that can be exploited by remote attackers to inject arbitrary web scripts or HTML

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0132",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfsense",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgate",
            "version": "2.2.2"
          },
          {
            "model": "pfsense",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "electric sheep fencing",
            "version": "2.2.3"
          },
          {
            "model": "sheep fencing llc. pfsense",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "electric",
            "version": "2.2.3"
          },
          {
            "model": "pfsense",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pfsense",
            "version": "2.2.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pfsense:pfsense",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          }
        ]
      },
      "cve": "CVE-2015-6510",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-6510",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-05673",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6510",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6510",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05673",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-411",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. pfSense Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. Electric Sheep Fencing pfsense has a cross-site scripting vulnerability that can be exploited by remote attackers to inject arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6510",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "id": "VAR-201508-0132",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:14:18.888000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "pfSense-SA-15_06.webgui",
            "trust": 0.8,
            "url": "https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc"
          },
          {
            "title": "Patch for Electric Sheep Fencing pfsense Cross-Site Scripting Vulnerability (CNVD-2015-05673)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/63149"
          },
          {
            "title": "Electric Sheep Fencing pfsense Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93073"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6510"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6510"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "date": "2015-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "date": "2015-08-18T15:59:09.800000",
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05673"
          },
          {
            "date": "2015-08-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-6510"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "pfSense Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004306"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-411"
          }
        ],
        "trust": 0.6
      }
    }