Cross site scripting

2023-09-2805:15:00

PRIOn knowledge base

www.prio-n.com

opnsense

version 23.7.5

xss

vulnerability

lobby dashboard

0.001 Low

EPSS

Percentile

20.1%

OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.

CPENameOperatorVersion
opnsenselt23.7.5

CPE	Name	Operator	Version
	opnsense	lt	23.7.5

References

github.com/opnsense/core/commit/484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7

github.com/opnsense/core/compare/23.7.4...23.7.5

www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense

0.001 Low

EPSS

Percentile

20.1%

Related for PRION:CVE-2023-44276