Critical Vulnerability Information

Bug ID: #16414
Status: Resolved
Priority: High
Assigned To: Jim Pingle
Category: Suricata

Description:

- Multiple potential vulnerabilities exist in the Suricata package:
  - Reflected Cross-Site Scripting (XSS): In , the value of the parameter is returned to the user without encoding.
    - Reporter: Alex Williams of Pella Technology via VulnCheck, CVE-2025-34175
  - File Enumeration: In , the parameter is used to check file existence without sanitizing directory traversal-related characters. Although file contents are not readable, the server leaks whether files exist.
    - Reporter: Alex Williams of Pella Technology via VulnCheck, CVE-2025-34176
  - Stored Cross-Site Scripting (XSS): In and , the value of the parameter is returned to the user without encoding.
    - Reporter: Alex Williams of Pella Technology via VulnCheck, CVE-2025-34177 and CVE-2025-34178

History:

- Updated 2 days ago: Description updated
- Updated 1 day ago: Status changed from New to Resolved, completion changed from 0% to 100%
- Updated ~24 hours ago: Privacy changed from Yes to No; new package build now available for Plus 25.07.1, Plus 25.07, CE 2.8.1, and CE 2.8.0 versions
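
The two fix patterns the Description points to, output encoding for the XSS items and path confinement for the File Enumeration item, shown as an added PHP example that is not the package's own code or its actual patch. The function names `h` and `file_in_base`, the scratch directory and the sample inputs are hypothetical and constructed, because the affected files and parameters are not named on this page.

```php
<?php
// Added illustration, not code from the Suricata package. The function names,
// directory and sample inputs are hypothetical and constructed for this example.

// Encode a request value before writing it into HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True only for a regular file that resolves inside $baseDir. Traversal sequences,
// absolute paths, missing files and symlinks leaving the base all yield the same
// false, so the result says nothing about files outside the base.
function file_in_base(string $baseDir, string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($resolved === false) {
        return false;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($resolved, $prefix, strlen($prefix)) === 0 && is_file($resolved);
}

// Constructed demo: a scratch directory holding one file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rules_example_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'local.rules', "# constructed\n");

$samples = ['local.rules', '../../etc/passwd', '/etc/passwd', 'missing.rules',
            '"><script>alert(1)</script>'];
foreach ($samples as $name) {
    $state = file_in_base($base, $name) ? 'present' : 'not available';
    // The request value is encoded at the point of output, not at input.
    echo '<li>', h($name), ': ', $state, "</li>\n";
}

unlink($base . DIRECTORY_SEPARATOR . 'local.rules');
rmdir($base);
```

Encoding at the point of output also covers the stored case, where the value comes back from saved configuration instead of the current request.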