CVE-2019-25373
- Source
- https://cve.org/CVERecord?id=CVE-2019-25373
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25373.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-25373
- Published
- 2026-02-15T14:16:07.067Z
- Modified
- 2026-02-20T02:28:44.180327Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.
- References
Affected packages
Git / github.com/opnsense/core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opnsense/core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
15.*
15.1
15.1.1
15.1.10
15.1.10.1
15.1.10.2
15.1.11
15.1.11.1
15.1.11.2
15.1.11.3
15.1.11.4
15.1.12
15.1.2
15.1.3
15.1.4
15.1.5
15.1.6
15.1.6.1
15.1.7
15.1.7.1
15.1.7.2
15.1.8
15.1.8.1
15.1.8.2
15.1.8.3
15.1.8.4
15.1.9
15.1.9.1
15.1.9.2
15.7
16.*
16.7.a
16.7.b
16.7.r
17.*
17.1.a
17.1.b
17.1.r
17.7.a
17.7.b
17.7.r
18.*
18.1.a
18.1.b
18.1.r
18.7.a
18.7.b
18.7.r
19.*
19.1.a
19.1.b
19.1.r