CVE-2025-34177
09.09.2025, 21:15
In pfSense CE/suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
Awaiting analysis
This vulnerability is currently awaiting analysis.