Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2022-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | |||||
CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2021-05-11 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | |||||
CVE-2019-11816 | 2 Netgate, Opnsense | 2 Pfsense, Opnsense | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | |||||
CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2019-06-19 | 4.0 MEDIUM | 6.5 MEDIUM |
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. |