Cross-Site Scripting Vulnerabilities in Snort Package for pfSense
CVE-2014-4693

Currently unrated

Key Information:

Vendor: Pfsense
Status: Snort Package; Pfsense
Vendor: CVE Published:; 2 July 2014

What is CVE-2014-4693?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Snort package prior to version 3.0.13 for pfSense. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML. Specifically, attackers can exploit the 'eng' parameter in snort_import_aliases.php, as well as unspecified variables in snort_select_alias.php, potentially compromising the integrity of the application and leading to unauthorized access to sensitive information.

References

https://pfsense.org/security/advisories/pfSense-SA-14_13....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 28, 2014

Pfsense

What is CVE-2014-4693?

References

Timeline