CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to execute arbitrary code in users' browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://forum.opnsense.org/index.php?topic=11469.0
https://opnsense.org
https://www.exploit-db.com/exploits/46351
https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-vpnipsecsettingsphp

Products affected by CVE-2019-25374

Opnsense » Opnsense » Version: 19.1

cpe:2.3:a:opnsense:opnsense:19.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25374

Products

Pricing

Contact Us