VYPR
Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Mar 5, 2026

IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi

CVE-2019-25396

Description

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ipfire/Ipfirellm-fuzzy2 versions
    = 2.21 Core Update 127+ 1 more
    • (no CPE)range: = 2.21 Core Update 127
    • (no CPE)range: IPFire 2.21 - Core Update 127

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.