CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.6%

CVSS Severity

CVSS v3 Score 6.4

References

https://forum.opnsense.org/index.php?topic=11469.0
https://opnsense.org
https://www.exploit-db.com/exploits/46351
https://www.vulncheck.com/advisories/opnsense-stored-xss-via-firewallruleseditphp

Products affected by CVE-2019-25373

Opnsense » Opnsense » Version: 19.1

cpe:2.3:a:opnsense:opnsense:19.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25373

Products

Pricing

Contact Us