CVE-2019-25370

EIP tracks 1 public exploit for CVE-2019-25370. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple reflected and stored XSS vulnerabilities in OPNsense 19.1. It provides specific URLs, methods, parameters, and payloads for each XSS vector.

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.