exploitDog

CVE-2019-25373

Опубликовано: 15 фев. 2026

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.

Ссылки

https://forum.opnsense.org/index.php?topic=11469.0
Release Notes
https://opnsense.org
Product
https://www.exploit-db.com/exploits/46351
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/opnsense-stored-xss-via-firewallruleseditphp
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opnsense:opnsense:19.1:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-xq5r-rwpv-6jwc

CVSS3: 6.4

github

около 2 месяцев назад

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.

EPSS

Процентиль: 9%

0.00032

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79