CVE-2023-44276 Information

Description

OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.

Reference

https://www.x41-dsec.de/lab/advisories/x41-2023-001-opnsense https://github.com/opnsense/core/commit/484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 https://github.com/opnsense/core/compare/23.7.4…23.7.5