CVE-2022-23993: XSS
First published: Wed Jan 26 2022(Updated: )
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pfSense pfSense | <2.6.0 | |
| pfSense pfSense Plus | <22.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this pfSense vulnerability?
The vulnerability ID for this pfSense vulnerability is CVE-2022-23993.
What is the affected software for this vulnerability?
The affected software for this vulnerability is pfSense CE before 2.6.0 and pfSense Plus before 22.01.
What is the severity of CVE-2022-23993?
The severity of CVE-2022-23993 is medium with a CVSS score of 6.1.
How does CVE-2022-23993 impact pfSense?
CVE-2022-23993 allows for cross-site scripting (XSS) attacks on /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01.
How can I fix CVE-2022-23993 in pfSense?
To fix CVE-2022-23993 in pfSense, you should update to version 2.6.0 for pfSense CE or version 22.01 for pfSense Plus.
- collector/nvd-index
- vendor/pfsense
- canonical/pfsense pfsense
- canonical/pfsense pfsense plus