SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  pfSense policy_name XSS

Category: WEB-ATTACKS      

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

Relevant Information


© SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0