CVE-2022-23993

MEDIUM

pfSense CE <2.6.0 - pfSense Plus <22.01 - XSS

Title source: llm
STIX 2.1

Description

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.

References (2)

Core 2

Scores

CVSS v3 6.1
EPSS 0.0024
EPSS Percentile 46.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
pfsense/pfsense < 2.6.0
pfsense/pfsense_plus < 22.01
Published Jan 26, 2022
Tracked Since Feb 18, 2026