CVE-2022-23993
CVE-2022-23993 concerns pfSense CE (pre-2.6.0) and pfSense Plus (pre-22.01). The vulnerability arises from how pfSense serves /usr/local/www/pkg.php, where $_REQUEST['pkg_filter'] is echoed, enabling a cross-site scripting (XSS) condition. The issue is rooted in user input being reflected in a PH...