Lucene search
K

13 matches found

OSV
OSV
added 2026/02/15 2:16 p.m.6 views

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

6.1CVSS5.3AI score
Exploits0References4
NVD
NVD
added 2026/02/15 2:16 p.m.9 views

CVE-2019-25369

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...

6.4CVSS0.00199EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.7 views

EUVD-2019-19420

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

6.1CVSS5.8AI score0.0036EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.8 views

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

6.1CVSS5.7AI score0.0036EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.3 views

CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.6AI score0.00199EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.17 views

CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in vpn_ipsec_settings.php, exploitable via the passthrough_networks parameter. An attacker can craft POST requests with JavaScript payloads in passthrough_networks to execute arbitrary scripts in affected users’ browsers. Repor...

6.1CVSS5.7AI score0.00319EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.6 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.24 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.3 views

CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score0.00232EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.9 views

PT-2026-8245

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall rules edit.php with script payloads in the category field to execu...

6.4CVSS5.5AI score0.00199EPSS
Exploits1References5
Rows per page
Query Builder