VYPR
Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Mar 5, 2026

IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi

CVE-2019-25399

Description

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ipfire/Ipfirellm-fuzzy2 versions
    = 2.21 Core Update 127+ 1 more
    • (no CPE)range: = 2.21 Core Update 127
    • (no CPE)range: IPFire 2.21 - Core Update 127

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.