/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Opnsense
  • Opnsense

Configuration 1 [-]

cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c Patch
https://github.com/opnsense/core/compare/23.1.11...23.7
https://logicaltrust.net/blog/2023/08/opnsense.html Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-09T00:00:00

Updated: 2023-10-10T22:39:07.975205

Reserved: 2023-07-25T00:00:00

Link: CVE-2023-39007

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-08-09T19:15:15.207

Modified: 2023-10-10T23:15:10.710

Link: CVE-2023-39007

JSON object: View

cve-icon Redhat Information

No data.

CWE