VYPR
Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Mar 5, 2026

IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi

CVE-2019-25397

Description

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ipfire/Ipfirellm-fuzzy2 versions
    = 2.21 Core Update 127+ 1 more
    • (no CPE)range: = 2.21 Core Update 127
    • (no CPE)range: IPFire 2.21 - Core Update 127

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.