CVE-2023-39000
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 9, 2023
Updated: Oct 10, 2023
CWE ID 79
Summary
CVE-2023-39000 is a reflected cross-site scripting (XSS) vulnerability affecting OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. The issue lies within the /ui/diagnostics/log/core/ component. An attacker can exploit this flaw by injecting malicious JavaScript code through a specially crafted URL. Successful exploitation could lead to unauthorized access to user sessions or data theft. Users are advised to update their OPNsense installations as soon as possible to mitigate this risk.
Affected Products
- OPNsense
Affected Vendors
- OPNsense