Pfsense Plus
Approved changes feed: RSS · Atom
cpe:2.3:a:netgate:pfsense_plus:2.3.2_7:*:*:*:*:*:*:*
part: a version: 2.3.2_7 update: *
| Vendor | Netgate (42bc912c-274f-5f68-8e52-e5d60c7dbf39) |
|---|---|
| Product | Pfsense Plus (5ec68f3d-66e2-5fbb-89ed-73f49d117b36) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34174 |
vulnerable | 2026-06-03 15:00:44.202609 |
Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
Published: 2025-09-09T20:02:05.701Z
Updated: 2025-11-20T12:23:37.606Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.