CVE-2025-34178

Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified)

Description: The policy name parameter in /suricata/suricata app parsers.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored cross-site scripting (XSS). An attacker must be authenticated with at least “WebCfg - Services: suricata package” permissions to exploit this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.