CVE-2025-34182 Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS

In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfacesassign.php, which can result in stored cross-site...

CVE-2025-34182

In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfacesassign.php, which can result in stored cross-site...

CVE-2025-34182

Deciso OPNsense before 25.7.4 is affected by a stored XSS vulnerability in the ptpid parameter used when creating Interfaces: Devices: Point-to-Point entries. The value isn’t sanitized of HTML-related characters/strings and is echoed on interfaces_assign.php, enabling stored XSS. An attacker must...

Deciso OPNsense 安全漏洞

Deciso OPNsense is a firewall and router operating system from the Dutch company Deciso. A security vulnerability exists in Deciso OPNsense versions prior to 25.7.4 that stems from not cleaning up HTML-related characters in the ptpid parameter, which could lead to a stored cross-site scripting...

PT-2025-40279

Name of the Vulnerable Software and Affected Versions Deciso OPNsense versions prior to 25.7.4 Description OPNsense versions prior to 25.7.4 are susceptible to a stored cross-site scripting issue. This occurs when creating a "Interfaces: Devices: Point-to-Point" entry, where the ptpid parameter i...