CNNVD-202510-038 Information

CNNVD ID

CNNVD-202510-038

Related CVE

CVE-2025-34182

• CNNVD Published: 2025-10-01

Description (Chinese)

Deciso OPNsense是荷兰Deciso公司的一个防火墙与路由器操作系统。 Deciso OPNsense 25.7.4之前版本存在安全漏洞，该漏洞源于未清理ptpid参数中的HTML相关字符，可能导致存储型跨站脚本攻击。

Description (English)

Deciso OPNsense is a firewall and router operating system of the Dutch company Deciso. The previous version of Deciso OPNsense 25.7.4 had a security loophole, which originated from the uncleaned HTML-related characters in the ptpid parameter and could result in a storage-type cross-station script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Deciso

Published

2025-10-01

Last Modified

2026-02-24

References

https://docs.opnsense.org/releases/CE_25.7.html#september-30-2025 https://www.vulncheck.com/advisories/decisio-opnsense-stored-xss

Patch

https://docs.opnsense.org/releases/CE_25.7.html#september-30-2025