/usr/local/www/pkg.php in pfSense CE prior to 2.6.0 and pfSense Plus prior to 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pfsense pfsense plus |
||
pfsense pfsense |