CVE-2022-29273: XSS
First published: Wed Feb 22 2023(Updated: )
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate pfSense | <=2.6.0 | |
| Netgate pfSense | <22.05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2022-29273.
What is the title of this vulnerability?
The title of this vulnerability is 'pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias U…'
What is the severity rating of CVE-2022-29273?
The severity rating of CVE-2022-29273 is medium (6.1).
Which software versions are affected by this vulnerability?
pfSense CE through 2.6.0 and pfSense Plus before 22.05 are affected by this vulnerability.
How can this vulnerability be exploited?
This vulnerability can be exploited via URL Table Alias URL parameters in the pfSense WebGUI, allowing for cross-site scripting (XSS).
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/netgate
- canonical/netgate pfsense
- version/netgate pfsense/2.6.0