Security Advisory

CVE-2019-25371

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-15 13:58:53

Last updated 2026-05-24 01:36:25

Assigner VulnCheck

State PUBLISHED

Description

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads in the host parameter to execute arbitrary JavaScript in users browsers.

← Browse all CVEs View on cve.org ↗