Filtered by vendor Opnsense
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path. | |||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-38999 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39002 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-39006 | 1 Opnsense | 1 Opnsense | 2023-08-14 | N/A | 5.4 MEDIUM |
| The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. | |||||
| CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2022-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | |||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2021-05-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | |||||
| CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2019-06-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | |||||