Vulnerabilities > Pfsense > Pfsense > 2.4.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-31 | CVE-2021-20729 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | 6.1 |
| 2022-01-26 | CVE-2022-23993 | Cross-site Scripting vulnerability in Pfsense and Pfsense Plus /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | 6.1 |