PT-2023-12967 · Unknown · pfSense CE +1

Published: 2023-02-22 · Updated: 2023-04-10 · CVE-2022-29273

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

pfSense CE versions 2.6.0 and earlier
pfSense Plus versions prior to 22.05

Description

The issue allows for XSS in the WebGUI via URL Table Alias URL parameters. An attacker could potentially inject malicious scripts into the web interface of the affected software by exploiting the URL parameter in the URL Table Alias functionality.

Recommendations

For pfSense CE versions 2.6.0 and earlier, update to a version later than 2.6.0. For pfSense Plus versions prior to 22.05, update to version 22.05 or later. As a temporary workaround, consider restricting access to the WebGUI to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-29273

Affected Products

pfSense CE
pfSense Plus