CVE-2019-25373

Name of the Vulnerable Software and Affected Versions OPNsense version 19.1

Description OPNsense 19.1 contains a stored cross-site scripting issue that permits authenticated attackers to inject malicious scripts. This is achieved by submitting crafted input to the category parameter. Attackers can send POST requests to the ''firewall rules edit.php'' endpoint with script payloads in the category field, leading to the execution of arbitrary JavaScript in the browsers of other users accessing firewall rule pages.

Recommendations Update to a newer version that contains a fix for this vulnerability.