PT-2026-8241 · Opnsense · Opnsense
Ozer Goker · Published 2026-02-15 · Updated 2026-02-15 · CVE-2019-25369
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OPNsense version 19.1
Description
The software contains a stored cross-site scripting issue in the system_advanced_sysctl.php endpoint. Attackers can inject persistent malicious scripts through the tunable parameter by submitting POST requests. These payloads are stored and executed when authenticated users view the page.
Recommendations
Apply updates to address the issue. As a temporary workaround, consider restricting access to the system_advanced_sysctl.php endpoint.
Exploit
Fix
XSS
Affected Products
Opnsense