Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Netgate pfSense CE 安全漏洞

Netgate pfSense CE是Netgate公司的一个基于FreeBSD的开源防火墙与路由平台，支持企业级网络安全与网络管理功能。 Netgate pfSense CE存在安全漏洞，该漏洞源于policy_name参数未清理HTML字符，可能导致存储型跨站脚本攻击。

N/A

N/A