PT-2022-16394 · Unknown · Pfsense Plus+1

Fabien Maisonnette

Published

2022-01-26

Updated

2022-04-29

CVE-2022-23993

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions pfSense CE versions prior to 2.6.0 pfSense Plus versions prior to 22.01

Description The issue is related to the use of $ REQUEST['pkg filter'] in a PHP echo call within the /usr/local/www/pkg.php file, leading to a potential XSS issue.

Recommendations For pfSense CE versions prior to 2.6.0, update to version 2.6.0 or later. For pfSense Plus versions prior to 22.01, update to version 22.01 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-23993

Affected Products

Pfsense Ce

Pfsense Plus

PT-2022-16394 · Unknown · Pfsense Plus+1

CVE-2022-23993

Weakness Enumeration

Related Identifiers

Affected Products

References · 5