CVE-2019-25369

Medium CVSS: 5.1

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.

Vendor

Opnsense

Product

Opnsense

CWE

CWE-79

Yayın Tarihi

2026-02-15 14:16:06

Güncelleme

2026-02-18 19:15:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Opnsense MEDIUM Opnsense 2026

Referanslar

https://forum.opnsense.org/index.php?topic=11469.0 https://opnsense.org https://www.exploit-db.com/exploits/46351 https://www.vulncheck.com/advisories/opnsense-stored-xss-via-systemadvancedsysctlphp

Benzer Kayıtlar

Medium

CVE-2026-30868

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform…

Medium

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicio…

Medium

CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts…

Medium

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that al…