Pfsense Plus
cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*
part: a version: 7.0.8_2 update: *
| Field | Value |
|---|---|
| Vendor | Netgate (42bc912c-274f-5f68-8e52-e5d60c7dbf39) |
| Product | Pfsense Plus (5ec68f3d-66e2-5fbb-89ed-73f49d117b36) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-34178 | vulnerable | 2026-06-03 15:00:44.205943 | Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting. In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. Published: 2025-09-09T20:23:44.475Z. Updated: 2025-11-20T12:22:56.508Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-34177 | vulnerable | 2026-06-03 15:00:44.205485 | Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting. In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. Published: 2025-09-09T20:19:09.928Z. Updated: 2025-11-20T12:23:06.521Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-34176 | vulnerable | 2026-06-03 15:00:44.204893 | Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure. In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. Published: 2025-09-09T20:14:37.899Z. Updated: 2025-11-20T12:23:14.723Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-34175 | vulnerable | 2026-06-03 15:00:44.204310 | Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting. In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated. Published: 2025-09-09T20:09:50.289Z. Updated: 2025-11-20T12:23:27.465Z | Imported from gcve-enriched-dumps CVE data |