Lucene search

[email protected]CVE-2023-39000

HistoryAug 09, 2023 - 7:15 p.m.

CVE-2023-39000

2023-08-0919:15:14

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-39000

xss

opnsense

community edition

business edition

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.

Affected configurations

NVD

Node

opnsenseopnsenseRange<23.7

CPENameOperatorVersion
opnsense:opnsenseopnsenselt23.7

CPE	Name	Operator	Version
opnsense:opnsense	opnsense	lt	23.7

References

github.com/opnsense/core/commit/d1f350ce70e477adc86d445f5cda9b24f9ff0168

logicaltrust.net/blog/2023/08/opnsense.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-39000

osv1 nvd1 prion1 cvelist1