Cross-Site Scripting Vulnerability in OPNsense by Deciso
CVE-2023-44276

5.4MEDIUM

Key Information:

Vendor: Opnsense
Status: Opnsense
Vendor: CVE Published:; 28 September 2023

What is CVE-2023-44276?

A Cross-Site Scripting (XSS) vulnerability exists in OPNsense software prior to version 23.7.5. This vulnerability is exploitable via the 'index.php' sequence parameter in the Lobby Dashboard, potentially allowing an attacker to execute arbitrary scripts in the context of the user's session. Users of affected OPNsense versions are encouraged to update to the latest version to mitigate this risk.

References

https://www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense

https://github.com/opnsense/core/compare/23.7.4...23.7.5

https://github.com/opnsense/core/commit/484753b2abe3fd0fc...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2023
Vulnerability Reserved
Sep 28, 2023

CVE-2023-44276 Data

JSON

Opnsense

What is CVE-2023-44276?

References

CVSS V3.1

Timeline