During my internship at Orange I manage to find an XSS Vulnerability in OPNSense's' Firewall which could potentially lead to arbitrary administrator account creation via a CSRF.