13 matches found
CVE-2019-25377
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
EUVD-2019-19420
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...
CVE-2019-25375
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...
CVE-2019-25373 OPNsense 19.1 Stored XSS via firewall_rules_edit.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...
CVE-2019-25374
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in vpn_ipsec_settings.php, exploitable via the passthrough_networks parameter. An attacker can craft POST requests with JavaScript payloads in passthrough_networks to execute arbitrary scripts in affected users’ browsers. Repor...
CVE-2019-25372
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...
CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25371
CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...
CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...
PT-2026-8245
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall rules edit.php with script payloads in the category field to execu...