Nixpkgs Security Tracker

Dismissed

Permalink CVE-2019-25375

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 1 week ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 1 week ago
@jopejoe1 removed
6 packages
- prometheus-opnsense-exporter
- python312Packages.pyopnsense
- python313Packages.pyopnsense
- python314Packages.pyopnsense
- home-assistant-component-tests.opnsense
- tests.home-assistant-component-tests.opnsense
1 month, 1 week ago
@jopejoe1 dismissed 1 month, 1 week ago

OPNsense 19.1 Reflected XSS via monit interface

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver parameter to execute arbitrary code in users' browsers.

References

OPNsense 19.1.1 Release Announcement patch
VulnCheck Advisory: OPNsense 19.1 Reflected XSS via monit interface third-party-advisory
ExploitDB-46351 exploit
OPNsense Official Website product
VulnCheck Advisory: OPNsense 19.1 Reflected XSS via monit interface third-party-advisory
ExploitDB-46351 exploit
OPNsense Official Website product
OPNsense 19.1.1 Release Announcement patch

Affected products

OPNsense

==19.1

Not present in nixpkgs

Suggestion detail

References

Affected products