During my internship at Orange's CERT I manage to find an XSS Vulnerability in OPNSense's' Firewall which could potentially lead to arbitrary administrator account creation via a Cross-site request forgery.

• Mitre: CVE-2021-42770
• CVE details
• Proof of concept