CVE-2019-25374

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-25374

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25374.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25374

Published

2026-02-15T14:16:07.243Z

Modified

2026-03-10T22:43:26.295860Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execute arbitrary code in users' browsers.

References

Affected packages

Git / github.com/opnsense/core

Affected ranges

Type

GIT

Repo

https://github.com/opnsense/core

Events

Introduced

Last affected

33279d1d2410a4bfa2896efd2f033b8234396ad8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.1"
        }
    ]
}

Affected versions

15.*

15.1

15.1.1

15.1.10

15.1.10.1

15.1.10.2

15.1.11

15.1.11.1

15.1.11.2

15.1.11.3

15.1.11.4

15.1.12

15.1.2

15.1.3

15.1.4

15.1.5

15.1.6

15.1.6.1

15.1.7

15.1.7.1

15.1.7.2

15.1.8

15.1.8.1

15.1.8.2

15.1.8.3

15.1.8.4

15.1.9

15.1.9.1

15.1.9.2

15.7

16.*

16.7.a

16.7.b

16.7.r

17.*

17.1.a

17.1.b

17.1.r

17.7.a

17.7.b

17.7.r

18.*

18.1.a

18.1.b

18.1.r

18.7.a

18.7.b

18.7.r

19.*

19.1.a

19.1.b

19.1.r

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25374.json"