2 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php. Múltiples vulnerabilidades de XSS en el paquete Snort anterior a 3.0.13 para pfSense hasta 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro eng en snort_import_aliases.php o (2) variables no especificadas en snort_select_alias.php. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php. Múltiples vulnerabilidades de redirección abierta en el paquete Snort anterior a 3.0.13 para pfSense hasta 2.1.4 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través del parámetro (1) referer en snort_rules_flowbits.php o (2) returl en snort_select_alias.php. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc •