CVE-2023-39002
Published 2023-08-09
Priority P335 · medium · CVSS 3.1: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.16% (63.2th percentile)
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opnsense | opnsense | < 23.7 | 23.7 |
No detection rules found.
Nuclei
OPNsense - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-39002 [MEDIUM] OPNsense - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Template:
```yaml
id: CVE-2023-39002

info:
  name: OPNsense - Cross-Site Scripting
  author: Herry
  severity: medium
  description: |
    A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the act parameter in system_certmanager.php to steal OPNsense administrator session cookies and gain control of the firewall configuration.
  remediation: |
    Update OPNsense to version
```
No writeups or analysis indexed.