Lucene search

GoogleOSV:CVE-2023-39002

HistoryAug 09, 2023 - 7:15 p.m.

CVE-2023-39002

2023-08-0919:15:14

Google

osv.dev

cve-2023-39002

cross-site scripting

opnsense

community edition

business edition

arbitrary web scripts

html

vulnerability

act parameter

crafted payload

security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

References

github.com/opnsense/core/commit/a4f6a8f8d604271f81984cfcbba0471af58e34dc

logicaltrust.net/blog/2023/08/opnsense.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Related for OSV:CVE-2023-39002