Lucene search

[email protected]NVD:CVE-2023-44275

HistorySep 28, 2023 - 5:15 a.m.

CVE-2023-44275

2023-09-2805:15:46

CWE-79

[email protected]

web.nvd.nist.gov

opnsense

xss

vulnerability

index.php

column_count

lobby dashboard

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.1%

JSON

OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.

Affected configurations

NVD

Node

opnsenseopnsenseRange<23.7.5

References

github.com/opnsense/core/commit/484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7

github.com/opnsense/core/compare/23.7.4...23.7.5

www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense