CVE-2022-23993

2022-01-2619:15:08

Google

osv.dev

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST[‘pkg_filter’] in a PHP echo call, causing XSS.

CPENameOperatorVersion
pfsenseeqRoot_RELENG_1_2
pfsenseeqRELENG_2_2_BETA

CPE	Name	Operator	Version
	pfsense	eq	Root_RELENG_1_2
	pfsense	eq	RELENG_2_2_BETA

References

docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc

github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb