Detections
Analytics

CVE-2019-25369

medium

Description

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.

References

https://www.vulncheck.com/advisories/opnsense-stored-xss-via-systemadvancedsysctlphp

https://www.exploit-db.com/exploits/46351

https://opnsense.org

https://forum.opnsense.org/index.php?topic=11469.0

Details

Source: Mitre, NVD

Published: 2026-02-15

Updated: 2026-02-15

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium