CVE-2019-25372 in OPNsenseinformation

Résumé

par MITRE • 15/02/2026

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a user's browser session.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsable

VulnCheck

Réserver

15/02/2026

Divulgation

15/02/2026

Modérer

accepté

Entrée

VDB-346132

CPE

prêt

Exploitation

Télécharger

EPSS

0.00241

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!