Product: Opnsense (Opnsense)

Repositories: Unknown. This might be proprietary software.
#Vulnerabilities 19
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-09 | CVE-2023-39006 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | Opnsense | 5.4 | | |
| 2023-08-09 | CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | Opnsense | 9.6 | | |
| 2023-08-09 | CVE-2023-39008 | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | Opnsense | 9.8 | | |
| 2023-09-28 | CVE-2023-44275 | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | Opnsense | 5.4 | | |
| 2023-09-28 | CVE-2023-44276 | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | Opnsense | 5.4 | | |
| 2021-11-08 | CVE-2021-42770 | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | Opnsense | 6.1 | | |
| 2021-05-03 | CVE-2020-23015 | An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | Opnsense | 6.1 | | |
| 2019-05-20 | CVE-2019-11816 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | Pfsense, Opnsense | N/A | | |
| 2019-06-17 | CVE-2018-18958 | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | Opnsense | 6.5 | | |