Lucene search

GoogleOSV:CVE-2023-39000

HistoryAug 09, 2023 - 7:15 p.m.

CVE-2023-39000

2023-08-0919:15:14

Google

osv.dev

xss

opnsense

url

vulnerability

javascript

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.

CPENameOperatorVersion
coreeq15.1.2
coreeq15.1.10.1
coreeq15.1.8.4
coreeq15.1.6
coreeq21.7.r
coreeq18.7.a
coreeq15.1.3
coreeq15.1.4
coreeq23.1.a
coreeq23.1.b

Name	Operator	Version
core	eq	15.1.2
core	eq	15.1.10.1
core	eq	15.1.8.4
core	eq	15.1.6
core	eq	21.7.r
core	eq	18.7.a
core	eq	15.1.3
core	eq	15.1.4
core	eq	23.1.a
core	eq	23.1.b

Rows per page:

1-10 of 731

References

github.com/opnsense/core/commit/d1f350ce70e477adc86d445f5cda9b24f9ff0168

logicaltrust.net/blog/2023/08/opnsense.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2023-39000