CVE-2019-25377

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-25377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25377

Published

2026-02-15T14:16:07.763Z

Modified

2026-03-10T22:43:24.746816Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the context of authenticated user sessions.

References

Affected packages

Git / github.com/opnsense/core

Affected ranges

Type

GIT

Repo

https://github.com/opnsense/core

Events

Introduced

Last affected

33279d1d2410a4bfa2896efd2f033b8234396ad8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.1"
        }
    ]
}

Affected versions

15.*

15.1

15.1.1

15.1.10

15.1.10.1

15.1.10.2

15.1.11

15.1.11.1

15.1.11.2

15.1.11.3

15.1.11.4

15.1.12

15.1.2

15.1.3

15.1.4

15.1.5

15.1.6

15.1.6.1

15.1.7

15.1.7.1

15.1.7.2

15.1.8

15.1.8.1

15.1.8.2

15.1.8.3

15.1.8.4

15.1.9

15.1.9.1

15.1.9.2

15.7

16.*

16.7.a

16.7.b

16.7.r

17.*

17.1.a

17.1.b

17.1.r

17.7.a

17.7.b

17.7.r

18.*

18.1.a

18.1.b

18.1.r

18.7.a

18.7.b

18.7.r

19.*

19.1.a

19.1.b

19.1.r

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25377.json"