Nixpkgs Security Tracker

Dismissed

Permalink CVE-2019-25370

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 1 week ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 1 week ago
@jopejoe1 removed
6 packages
- prometheus-opnsense-exporter
- python312Packages.pyopnsense
- python313Packages.pyopnsense
- python314Packages.pyopnsense
- home-assistant-component-tests.opnsense
- tests.home-assistant-component-tests.opnsense
1 month, 1 week ago
@jopejoe1 dismissed 1 month, 1 week ago

OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.

References

ExploitDB-46351 exploit
OPNsense Official Website product
OPNsense 19.1.1 Release Announcement patch
VulnCheck Advisory: OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php third-party-advisory
ExploitDB-46351 exploit
OPNsense Official Website product
OPNsense 19.1.1 Release Announcement patch
VulnCheck Advisory: OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php third-party-advisory

Affected products

OPNsense

==19.1

Not present in nixpkgs

Suggestion detail

References

Affected products