CVE-2023-39002: XSS
First published: Wed Aug 09 2023(Updated: )
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OPNsense OPNsense | <23.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2023-39002.
What is the affected software?
The affected software is OPNsense version up to 23.7.
What is the severity of CVE-2023-39002?
The severity of CVE-2023-39002 is medium with a CVSS score of 6.1.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by injecting crafted payloads in the act parameter of system_certmanager.php.
Is there a fix available for CVE-2023-39002?
Yes, a fix is available. It is recommended to update to OPNsense version 23.7 or higher.
- agent/references
- agent/author
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/weakness
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/opnsense
- canonical/opnsense opnsense