CVE-2025-34178

Publication date

2025-09-09 20:23:44

Family

VulnCheck

State

PUBLISHED

Description

In pfSense CEĀ /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.