Vulnerabilities > Opnsense > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-28 CVE-2023-44275 Cross-site Scripting vulnerability in Opnsense
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
network
low complexity
opnsense CWE-79
5.4
2023-09-28 CVE-2023-44276 Cross-site Scripting vulnerability in Opnsense
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
network
low complexity
opnsense CWE-79
5.4
2023-08-09 CVE-2023-38998 Open Redirect vulnerability in Opnsense
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
network
low complexity
opnsense CWE-601
6.1
2023-08-09 CVE-2023-38999 Cross-Site Request Forgery (CSRF) vulnerability in Opnsense
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
network
low complexity
opnsense CWE-352
6.5
2023-08-09 CVE-2023-39000 Cross-site Scripting vulnerability in Opnsense
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.
network
low complexity
opnsense CWE-79
6.1
2023-08-09 CVE-2023-39002 Cross-site Scripting vulnerability in Opnsense
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
opnsense CWE-79
6.1
2023-08-09 CVE-2023-39006 Cross-site Scripting vulnerability in Opnsense
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
network
low complexity
opnsense CWE-79
5.4
2021-11-08 CVE-2021-42770 Cross-site Scripting vulnerability in Opnsense
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.
network
opnsense CWE-79
4.3
2021-05-03 CVE-2020-23015 Open Redirect vulnerability in Opnsense
An open redirect issue was discovered in OPNsense through 20.1.5.
network
opnsense CWE-601
5.8
2019-06-17 CVE-2018-18958 Improper Access Control vulnerability in Opnsense
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
network
low complexity
opnsense CWE-284
4.0