Home > Vulnerability Database > CVE-2014-4693

Mend Vulnerability Database

CVE-2014-4693

Good to know:

Date: July 2, 2014

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.

Language: PHP

Severity Score

4.3

Related Resources (3)

Url: https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-4693

Url: https://www.mend.io/vulnerability-database/CVE-2014-4693

Severity Score

4.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

No fix version available

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2014-4693

Good to know:

Date: July 2, 2014

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v2

Do you need more information?