Security Advisory

CVE-2019-25372

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-15 13:58:54

Last updated 2026-03-05 01:26:19

Assigner VulnCheck

State PUBLISHED

Description

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a users browser session.

← Browse all CVEs View on cve.org ↗