CVE-2014-4693: XSS
First published: Wed Jul 02 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | <=2.1.4 | |
| Netgate pfSense | =2.1.3 | |
| Pfsense Snort Package | <=3.0.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-4693?
CVE-2014-4693 has been classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.
How do I fix CVE-2014-4693?
To address CVE-2014-4693, upgrade to pfSense version 2.1.5 or later, or Snort package version 3.0.13 or later.
Which versions of pfSense are affected by CVE-2014-4693?
CVE-2014-4693 affects pfSense versions up to 2.1.4, including 2.1.3.
What types of attacks can CVE-2014-4693 enable?
CVE-2014-4693 can enable remote attackers to perform cross-site scripting (XSS) attacks, injecting arbitrary web scripts or HTML.
How can I identify if I'm impacted by CVE-2014-4693?
To determine if you are impacted by CVE-2014-4693, check if your pfSense or Snort package versions are prior to the fixed versions.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.1.4
- version/netgate pfsense/2.1.3
- vendor/pfsense
- canonical/pfsense snort package
- version/pfsense snort package/3.0.12