CVE-2019-25375

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-25375

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25375.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25375

Published

2026-02-15T14:16:07.417Z

Modified

2026-03-14T04:43:00.481945Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver parameter to execute arbitrary code in users' browsers.

References

Affected packages

Git / github.com/opnsense/core

Affected ranges

Type

GIT

Repo

https://github.com/opnsense/core

Events

Introduced

Last affected

33279d1d2410a4bfa2896efd2f033b8234396ad8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.1"
        }
    ]
}

Affected versions

15.*

15.1

15.1.1

15.1.10

15.1.10.1

15.1.10.2

15.1.11

15.1.11.1

15.1.11.2

15.1.11.3

15.1.11.4

15.1.12

15.1.2

15.1.3

15.1.4

15.1.5

15.1.6

15.1.6.1

15.1.7

15.1.7.1

15.1.7.2

15.1.8

15.1.8.1

15.1.8.2

15.1.8.3

15.1.8.4

15.1.9

15.1.9.1

15.1.9.2

15.7

16.*

16.7.a

16.7.b

16.7.r

17.*

17.1.a

17.1.b

17.1.r

17.7.a

17.7.b

17.7.r

18.*

18.1.a

18.1.b

18.1.r

18.7.a

18.7.b

18.7.r

19.*

19.1.a

19.1.b

19.1.r

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25375.json"