CVE-2022-23993
on github
Published
Severity
CVSS v3:
6.1 MEDIUM
CVSS v2:
4.3 MEDIUM
Description
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:pfsense:pfsense_plus:*:*:*:*:*:*:*:* | n/a | 22.01 | * |
| cpe:2.3:a:pfsense:pfsense:*:*:*:*:*:*:*:* | n/a | 2.6.0 | * |