PT-2026-8242 · Opnsense · Opnsense

Ozer Goker · Published 2026-02-15 · Updated 2026-02-15 · CVE-2019-25370

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OPNsense version 19.1

Description

OPNsense version 19.1 is subject to a reflected cross-site scripting issue. Successful exploitation allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Specifically, attackers can send POST requests to the interfaces_vlan_edit.php endpoint. The tag, descr, and vlanif parameters accept script payloads, which enables the execution of arbitrary JavaScript in users' browsers.

Recommendations

Apply input validation and output encoding to the tag, descr, and vlanif parameters in the interfaces_vlan_edit.php endpoint.
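
The recommendation above, sketched as an added PHP example (not OPNsense source code, and not the vendor's fix): the three POST fields are validated against allow-lists, and every value reflected back into the form is HTML-encoded whether or not validation passed. The function names h() and validate_vlan_post(), the interface-name pattern, and the 255-byte description limit are assumptions made for this illustration.

```php
<?php
// Added illustration, not OPNsense source. Function names, the
// interface-name pattern and the length limit are assumptions.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate the three POST fields; returns a list of error messages. */
function validate_vlan_post(array $post): array
{
    $errors = [];
    $tag = $post['tag'] ?? '';
    // 802.1Q VLAN IDs are 1..4094; accept decimal digits only.
    if (!is_string($tag) || !ctype_digit($tag) || (int)$tag < 1 || (int)$tag > 4094) {
        $errors[] = 'tag must be an integer between 1 and 4094';
    }
    $vlanif = $post['vlanif'] ?? '';
    // Assumed allow-list: letters, digits, underscore, dot; at most 15 chars.
    if (!is_string($vlanif) || !preg_match('/\A[A-Za-z0-9_.]{1,15}\z/', $vlanif)) {
        $errors[] = 'vlanif contains characters outside the allow-list';
    }
    $descr = $post['descr'] ?? '';
    // Free text: bound the length and reject control characters only;
    // safety in HTML comes from encoding at output time, not from filtering.
    if (!is_string($descr) || strlen($descr) > 255 || preg_match('/[\x00-\x1F\x7F]/', $descr)) {
        $errors[] = 'descr must be at most 255 bytes without control characters';
    }
    return $errors;
}

// Constructed sample request body (not taken from the advisory).
$post = [
    'tag'    => '"><script>alert(1)</script>',
    'descr'  => '<img src=x onerror=alert(1)>',
    'vlanif' => 'vlan0.10',
];
$errors = validate_vlan_post($post);

// Re-rendering the form: every reflected value passes through h(),
// including values that failed validation.
foreach (['tag', 'descr', 'vlanif'] as $field) {
    printf("<input name=\"%s\" value=\"%s\">\n", $field, h($post[$field]));
}
foreach ($errors as $e) {
    echo '<p class="error">', h($e), "</p>\n";
}
```

With the constructed input, the tag value is rejected by validation, and both the tag and descr values are emitted with their angle brackets and quotes as HTML entities, so the browser renders them as text instead of parsing them as markup.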

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25370

Affected Products

Opnsense