CVE-2023-39002

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 9, 2023

Updated: Oct 10, 2023

CWE ID 79

Summary

CVE-2023-39002 is a newly identified cross-site scripting (XSS) vulnerability affecting OPNsense Community Edition versions prior to 23.7 and Business Edition versions before 23.4.2. This issue resides in the 'act' parameter of the 'system_certmanager.php' file. Successful exploitation enables attackers to inject and execute arbitrary web scripts or HTML codes on vulnerable systems. The risk is significant, as it can lead to unauthorized access, data theft, or even system compromise. Immediate updates or patches are strongly recommended to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OPNsense

Affected Vendors

Opnsense

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6MHX
https://www.cve.org/CVERecord?id=CVE-2023-39002
https://nvd.nist.gov/vuln/detail/CVE-2023-39002

Back to Vulnerability Database