CVE-2019-25376
OPNsense 19.1 is affected by a reflected cross-site scripting (XSS) vulnerability in the proxy endpoint. The ignoreLogACL parameter can be exploited via crafted POST payloads to inject JavaScript, enabling an unauthenticated attacker to execute scripts in users’ browsers. Root cause: improper han...