What is CVE-2023-39007?

CVE-2023-39007 is a vulnerability in N/a. Published 2023-08-09.

Is CVE-2023-39007 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-39007

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.

EPSS: 0.541 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c
logicaltrust.net/blog/2023/08/opnsense.html
github.com/opnsense/core/compare/23.1.11...23.7

Frequently asked questions

What is CVE-2023-39007?: CVE-2023-39007 is a vulnerability in N/a. Published 2023-08-09.
Is CVE-2023-39007 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.