CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-19678
https://notcve.org/view.php?id=CVE-2020-19678
06 Apr 2023 — Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4694
https://notcve.org/view.php?id=CVE-2014-4694
02 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables. Múltiples vulnerabilidades de XSS en suricata_select_alias.php en el paquete Suricata anterior a 1.0.6 para pfSense hasta 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de variables no especificadas. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4696
https://notcve.org/view.php?id=CVE-2014-4696
02 Jul 2014 — Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php. Múltiples vulnerabilidades de redirección abierta en el paquete Suricata anterior a 1.0.6 para pfSense hasta 2.1.4 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y real... • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc •