CVE-2019-25369
- Source
- https://cve.org/CVERecord?id=CVE-2019-25369
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25369.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-25369
- Published
- 2026-02-15T14:16:06.370Z
- Modified
- 2026-02-20T02:28:42.775836Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.
- References
Affected packages
Git / github.com/opnsense/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opnsense/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
15.*
15.1
15.1.1
15.1.10
15.1.10.1
15.1.10.2
15.1.11
15.1.11.1
15.1.11.2
15.1.11.3
15.1.11.4
15.1.12
15.1.2
15.1.3
15.1.4
15.1.5
15.1.6
15.1.6.1
15.1.7
15.1.7.1
15.1.7.2
15.1.8
15.1.8.1
15.1.8.2
15.1.8.3
15.1.8.4
15.1.9
15.1.9.1
15.1.9.2
15.7
16.*
16.7.a
16.7.b
16.7.r
17.*
17.1.a
17.1.b
17.1.r
17.7.a
17.7.b
17.7.r
18.*
18.1.a
18.1.b
18.1.r
18.7.a
18.7.b
18.7.r
19.*
19.1.a
19.1.b
19.1.r