CVE-2023-39007
Published 2023-08-09
Priority P352 | critical | 9.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EXPLOIT
EPSS: 2.31% (81.3th percentile)
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opnsense | opnsense | < 23.7 | 23.7 |
Detection & IOCs
- Detect exploitation attempts by matching the XSS payload pattern in HTTP requests to /ui/cron/item/open: look for single-quote injection with alert() in the path parameter.
- Confirm successful XSS reflection by checking the response body for the unescaped payload string echoed back inside an openDialog() call.
- Use Shodan/FOFA queries to identify exposed OPNsense instances as potential targets: search for title 'OPNsense' or 'opnsense'.
- The vulnerability requires authentication; monitor for POST login requests immediately followed by GET requests to /ui/cron/item/open with non-numeric or quote-containing path segments.
- The vulnerability affects OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 only; patched versions are not vulnerable.
- Exploitation requires an authenticated session; unauthenticated scanning will not trigger the vulnerable code path.
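The log-side checks from the list above, written out as an added example (not code from the advisory, the Nuclei template or the OPNsense project). It assumes Common/Combined Log Format access logs, treats any identifier containing characters other than letters, digits and hyphens as suspicious, and counts any POST from the same client in the previous 60 seconds as the preceding login; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Assumption: access log lines are in Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
ENDPOINT = "/ui/cron/item/open/"
# Assumption: a legitimate item identifier holds only letters, digits and hyphens.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9-]*")
LOGIN_WINDOW = timedelta(seconds=60)  # assumption: "immediately followed" = within 60 s

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Aug/2023:10:00:01 +0000] "POST / HTTP/1.1" 302 0
192.0.2.10 - - [09/Aug/2023:10:00:03 +0000] "GET /ui/cron/item/open/1%27alert(1)%27 HTTP/1.1" 200 5120
198.51.100.7 - - [09/Aug/2023:10:05:00 +0000] "GET /ui/cron/item/open/3f2a9c1e-77aa-4d0b-9b1e-0c2d5e6f7a8b HTTP/1.1" 200 5100
198.51.100.7 - - [09/Aug/2023:10:06:00 +0000] "GET /ui/cron/item/open/%2527x HTTP/1.1" 200 5100
"""

def scan(log_text):
    last_post = {}   # client IP -> time of its most recent POST
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "POST":
            last_post[m["ip"]] = ts
            continue
        path = m["target"].split("?", 1)[0]
        if m["method"] != "GET" or not path.startswith(ENDPOINT):
            continue
        # Decode twice so a double-encoded quote (%2527) is still seen as a quote.
        segment = unquote(unquote(path[len(ENDPOINT):]))
        if SAFE_SEGMENT.fullmatch(segment):
            continue
        prev = last_post.get(m["ip"])
        findings.append({
            "ip": m["ip"], "time": ts.isoformat(), "segment": segment,
            "after_post": prev is not None and timedelta(0) <= ts - prev <= LOGIN_WINDOW,
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with `after_post` set matches the login-then-request sequence described above; the reflection check still needs the response body, which access logs do not carry.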
No detection rules found.
Nuclei
OPNsense - Cross-Site Scripting to RCE
nuclei·CVSS 9.6
CVE-2023-39007 [CRITICAL] OPNsense - Cross-Site Scripting to RCE
There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php.
Template:

```yaml
id: CVE-2023-39007

info:
  name: OPNsense - Cross-Site Scripting to RCE
  author: ritikchaddha
  severity: critical
  description: |
    There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the Cron item opening functionality, potentially escalating to remote code execution and compromising the entire firewall/router system and
```
No writeups or analysis indexed.
- https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c
- https://github.com/opnsense/core/compare/23.1.11...23.7
- https://logicaltrust.net/blog/2023/08/opnsense.html