CVE-2019-25370

Medium CVSS: 5.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.

Vendor

Opnsense

Product

Opnsense

CWE

CWE-79

Yayın Tarihi

2026-02-15 14:16:06

Güncelleme

2026-02-18 19:15:01

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Opnsense MEDIUM Opnsense 2026

Referanslar

https://forum.opnsense.org/index.php?topic=11469.0 https://opnsense.org https://www.exploit-db.com/exploits/46351 https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-interfacesvlaneditphp

Benzer Kayıtlar

Medium

CVE-2026-30868

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform…

Medium

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicio…

Medium

CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts…

Medium

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that al…