CVE-2019-25372

Medium CVSS: 5.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a user's browser session.

Vendor

Opnsense

Product

Opnsense

CWE

CWE-79

Yayın Tarihi

2026-02-15 14:16:06

Güncelleme

2026-02-18 19:13:34

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Opnsense MEDIUM Opnsense 2026

Referanslar

https://forum.opnsense.org/index.php?topic=11469.0 https://opnsense.org https://www.exploit-db.com/exploits/46351 https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-diagtraceroutephp

Benzer Kayıtlar

Medium

CVE-2026-30868

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform…

Medium

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicio…

Medium

CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts…

Medium

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject ma…

Medium

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that al…