VYPR
Unrated severityNVD Advisory· Published Jul 2, 2014· Updated Jun 17, 2026

CVE-2014-4693

CVE-2014-4693

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.

Affected products

4
  • Netgate/Pfsense2 versions
    cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*range: <=2.1.4
    • cpe:2.3:a:netgate:pfsense:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pfsense:snort_package:*:*:*:*:*:*:*:*
    Range: <=3.0.12
  • Pfsense/Snortllm-create
    Range: <3.0.13

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.