Pfsense: >> Pfsense >> 2.6.0 Security Vulnerabilities
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-09
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-11-09
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-08
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
CVSS Score
4.9
EPSS Score
0.003
Published
2023-10-25
Page 1