exploitDog

CVE-2019-25377

Опубликовано: 15 фев. 2026

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the context of authenticated user sessions.

Ссылки

https://forum.opnsense.org/index.php?topic=11469.0
Release Notes
https://opnsense.org
Product
https://www.exploit-db.com/exploits/46351
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-systemadvancedsysctlphp
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opnsense:opnsense:19.1:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00243

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hp2h-w474-f9g4

CVSS3: 5.4

github

4 месяца назад

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the context of authenticated user sessions.

EPSS

Процентиль: 15%

0.00243

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79