CVE-2019-25370

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-25370
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25370.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25370
Published
2026-02-15T14:16:06.550Z
Modified
2026-03-10T22:43:24.455656Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.

References

Affected packages

Git / github.com/opnsense/core

Affected ranges

Type
GIT
Repo
https://github.com/opnsense/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
33279d1d2410a4bfa2896efd2f033b8234396ad8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.1"
        }
    ]
}

Affected versions

15.*
15.1
15.1.1
15.1.10
15.1.10.1
15.1.10.2
15.1.11
15.1.11.1
15.1.11.2
15.1.11.3
15.1.11.4
15.1.12
15.1.2
15.1.3
15.1.4
15.1.5
15.1.6
15.1.6.1
15.1.7
15.1.7.1
15.1.7.2
15.1.8
15.1.8.1
15.1.8.2
15.1.8.3
15.1.8.4
15.1.9
15.1.9.1
15.1.9.2
15.7
16.*
16.7.a
16.7.b
16.7.r
17.*
17.1.a
17.1.b
17.1.r
17.7.a
17.7.b
17.7.r
18.*
18.1.a
18.1.b
18.1.r
18.7.a
18.7.b
18.7.r
19.*
19.1.a
19.1.b
19.1.r

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25370.json"