CVE-2019-25369

Source
https://cve.org/CVERecord?id=CVE-2019-25369
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25369.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25369
Published
2026-02-15T14:16:06.370Z
Modified
2026-07-08T17:17:16.588678Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.

References

Affected packages

Git / github.com/opnsense/core

Affected ranges

Type
GIT
Repo
https://github.com/opnsense/core
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:opnsense:opnsense:19.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "19.1"
        },
        {
            "last_affected": "19.1"
        }
    ]
}

Affected versions

19.*
19.1
19.1.r

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25369.json"