Lucene search
+L

15 matches found

NVD
NVD
added 2026/02/15 2:16 p.m.7 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS0.00241EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.5 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

5.1CVSS5.6AI score
Exploits0References4
CVE
CVE
added 2026/02/15 1:58 p.m.17 views

CVE-2019-25372

OPNsense 19.1 contains a reflected Cross-Site Scripting vulnerability in diag_traceroute.php, caused by insufficient input validation of the host parameter. Unauthenticated attackers can submit crafted POST payloads to execute arbitrary JavaScript in a user’s browser session. The CVSS metrics ind...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.5 views

EUVD-2019-19423

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.10 views

PT-2026-8244

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag traceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31452

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.04125EPSS
Exploits1References6
NVD
NVD
added 2025/09/28 5:15 a.m.6 views

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

8.8CVSS0.04125EPSS
Exploits1References5
OSV
OSV
added 2025/09/28 5:15 a.m.5 views

CVE-2025-11096

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

8.8CVSS5.6AI score0.04125EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/09/28 4:32 a.m.4 views

CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS6.7AI score0.04125EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/28 4:32 a.m.22 views

CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS0.04125EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/28 12:0 a.m.7 views

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...

8.8CVSS7.7AI score0.04125EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.4 views

EnGenius多款产品 注入漏洞

The EnGenius ENH1350EXT and others are an outdoor wireless access point from EnGenius. An injection vulnerability exists in several EnGenius products, which stems from a mis-manipulation of the parameter diagtraceroute6 that can lead to command injection. The following products are affected:...

7.2CVSS5.4AI score0.27816EPSS
Exploits1References4
Rows per page
Query Builder