Dismissed
Permalink
CVE-2019-25369
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @jopejoe1 Activity log
- Created automatic suggestion
-
@jopejoe1
removed
6 packages
- prometheus-opnsense-exporter
- python312Packages.pyopnsense
- python313Packages.pyopnsense
- python314Packages.pyopnsense
- home-assistant-component-tests.opnsense
- tests.home-assistant-component-tests.opnsense
- @jopejoe1 dismissed
OPNsense 19.1 Stored XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.
References
- ExploitDB-46351 exploit
- OPNsense Official Website product
- OPNsense 19.1.1 Release Announcement patch
- VulnCheck Advisory: OPNsense 19.1 Stored XSS via system_advanced_sysctl.php third-party-advisory
- ExploitDB-46351 exploit
- OPNsense Official Website product
- OPNsense 19.1.1 Release Announcement patch
- VulnCheck Advisory: OPNsense 19.1 Stored XSS via system_advanced_sysctl.php third-party-advisory
Affected products
OPNsense
- ==19.1