A Cross-site scripting (XSS) vulnerability exists in OPNsense prior to 21.7.4 via the LDAP attribute return in the authentication tester.
opnsense opnsense