72 matches found
CVE-2019-25377
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2019-25375
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...
EUVD-2019-19420
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...
CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...
CVE-2019-25374
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in vpn_ipsec_settings.php, exploitable via the passthrough_networks parameter. An attacker can craft POST requests with JavaScript payloads in passthrough_networks to execute arbitrary scripts in affected users’ browsers. Repor...
CVE-2019-25372
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371
CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...
CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...
PT-2026-8245
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall rules edit.php with script payloads in the category field to execu...
PT-2026-8248
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...
Deciso OPNsense 跨站脚本漏洞
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the ignoreLogACL parameter in t...
Oracle GoldenGate for Big Data Resource Allocation Vulnerability 19.1.x < 19.1.0.0.21 / 21.x < 21.21.0.0.0 (October 2025 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API...
Oracle GoldenGate Multiple vulnerabilities 19.1.x < 19.29.0.0.251021 / 21.19.x < 21.20.0.0 / 23.9.x < 23.10.0.25.10 (October 2025 CPU)
The 19.1.x / 21.19.x / 23.9.x versions of GoldenGate installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Security-in-Depth issue in Oracle GoldenGate component: OGG Configuration Assistant JSON-java. This vulnerability cannot be exploited...
CVE-2025-14625
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows Nios II Command Shell modules, Altera Quartus Prime Lite on Windows Nios II Command Shell modules allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Pri...
CVE-2025-14625
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows Nios II Command Shell modules, Altera Quartus Prime Lite on Windows Nios II Command Shell modules allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Pri...
CVE-2025-14625
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows Nios II Command Shell modules, Altera Quartus Prime Lite on Windows Nios II Command Shell modules allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Pri...