Dismissed
Permalink
CVE-2019-25373
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @jopejoe1 Activity log
- Created automatic suggestion
-
@jopejoe1
removed
6 packages
- prometheus-opnsense-exporter
- python313Packages.pyopnsense
- python312Packages.pyopnsense
- python314Packages.pyopnsense
- home-assistant-component-tests.opnsense
- tests.home-assistant-component-tests.opnsense
- @jopejoe1 dismissed
OPNsense 19.1 Stored XSS via firewall_rules_edit.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.
References
- ExploitDB-46351 exploit
- OPNsense Official Website product
- OPNsense 19.1.1 Release Announcement patch
- VulnCheck Advisory: OPNsense 19.1 Stored XSS via firewall_rules_edit.php third-party-advisory
- ExploitDB-46351 exploit
- OPNsense Official Website product
- OPNsense 19.1.1 Release Announcement patch
- VulnCheck Advisory: OPNsense 19.1 Stored XSS via firewall_rules_edit.php third-party-advisory
Affected products
OPNsense
- ==19.1