2 matches found
CVE-2023-39007
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php...
CVE-2023-39007
OPNsense Cron component is affected: Community Edition prior to 23.7 and Business Edition prior to 23.4.2 suffer a Cross-Site Scripting (XSS) via openAction in /ui/cron/item/open (Cron/ItemController.php). The vulnerability is triggered by opening a Cron item and, per CVSS 3.1 details, requires u...