{"id":"CVE-2022-23993","details":"/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.","modified":"2026-07-15T01:49:14.670969304Z","published":"2022-01-26T18:22:26Z","database_specific":{"unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"2.6.0"},{"fixed":"22.01"}]}],"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23993.json"},"references":[{"type":"WEB","url":"https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23993.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23993"},{"type":"FIX","url":"https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/pfsense","events":[{"introduced":"0"},{"fixed":"5d82cce0d615a76b738798577a28a15803e59aeb"}],"database_specific":{"source":"REFERENCES"}}],"versions":["RELENG_2_2_BETA","Root_RELENG_1_2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23993.json"}}],"schema_version":"1.7.5"}