CVE-2025-34172
Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting
CVSS Score
0.0
EPSS Score
1.0%
EPSS Percentile
58th
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
| CWE | CWE-79 |
| Vendor | netgate |
| Product | pfsense ce |
| Published | Sep 9, 2025 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for netgate pfsense ce
Be the first to know when new unknown vulnerabilities affecting netgate pfsense ce are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Netgate / pfSense CE
0.63_10
References
Credits
Alex Williams (Pellera Technologies)