CNNVD-202509-1200 Information
CNNVD ID
CNNVD-202509-1200
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
Netgate pfSense CE是Netgate公司的一个基于FreeBSD的开源防火墙与路由平台,支持企业级网络安全与网络管理功能。 Netgate pfSense CE存在安全漏洞,该漏洞源于start-day参数未验证为数字或清理HTML字符,可能导致存储型跨站脚本攻击。
Description (English)
Netgate pfSense CE, an open-source firewall and route platform based on FreeBSD for Netgate, supports enterprise-level network security and network management functions. Netgate pfSense CE has a security loophole, which stems from the fact that the start-day parameter is not certified as a number or cleanup of HTML characters, which may result in a storage-type cross-station script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
NETGATE
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/pfsense/FreeBSD-ports/commit/9e412edf62113303c36c7f7d5a48b0a3fb0be893 https://redmine.pfsense.org/issues/16413 https://access.redhat.com/security/cve/cve-2025-34174 https://vigilance.fr/vulnerability/pfSense-CE-Cross-Site-Scripting-via-status-traffic-totals-php-48192
Patch
https://www.pfsense.org/download/
Share on: