CVE-2019-25372

EIP tracks 1 public exploit for CVE-2019-25372. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple reflected and stored XSS vulnerabilities in OPNsense 19.1. It provides specific URLs, methods, parameters, and payloads for each XSS vector.

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a user's browser session.