CVE-2019-25373
- EPSS 0.04%
- Published 15.02.2026 13:58:55
- Last modified 18.02.2026 19:13:06
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with...
CVE-2019-25372
- EPSS 0.06%
- Published 15.02.2026 13:58:54
- Last modified 18.02.2026 19:13:34
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through P...
CVE-2019-25371
- EPSS 0.06%
- Published 15.02.2026 13:58:53
- Last modified 18.02.2026 19:14:24
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to t...
CVE-2019-25370
- EPSS 0.05%
- Published 15.02.2026 13:58:52
- Last modified 18.02.2026 19:15:01
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script ...
CVE-2019-25369
- EPSS 0.04%
- Published 15.02.2026 13:58:52
- Last modified 18.02.2026 19:15:41
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script paylo...
CVE-2019-25368
- EPSS 0.02%
- Published 15.02.2026 13:58:51
- Last modified 18.02.2026 19:16:55
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackup...
CVE-2025-50989
- EPSS 1.49%
- Published 27.08.2025 00:00:00
- Last modified 26.09.2025 14:10:41
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or es...
CVE-2023-27152
- EPSS 0.15%
- Published 23.10.2023 21:15:08
- Last modified 21.11.2024 07:52:23
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.
CVE-2023-44276
- EPSS 0.2%
- Published 28.09.2023 05:15:46
- Last modified 21.11.2024 08:25:34
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
CVE-2023-44275
- EPSS 0.21%
- Published 28.09.2023 05:15:46
- Last modified 21.11.2024 08:25:34
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.