An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
{
"cpe": "cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "20.1.5"
}
],
"source": "CPE_RANGE"
}