exploitDog

CVE-2019-25376

Опубликовано: 15 фев. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL parameter to execute arbitrary scripts in users' browsers.

Ссылки

https://forum.opnsense.org/index.php?topic=11469.0
Release Notes
https://opnsense.org
Product
https://www.exploit-db.com/exploits/46351
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-proxy-endpoint
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opnsense:opnsense:19.1:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00022

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2444-5vx9-4q2f

CVSS3: 6.1

github

около 1 месяца назад

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL parameter to execute arbitrary scripts in users' browsers.

EPSS

Процентиль: 6%

0.00022

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79