Vulnerabilities > Pfsense > Pfsense Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-23993 | Cross-site Scripting vulnerability in Pfsense and Pfsense Plus /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | 6.1 |