Ipfire
by Ipfire
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34305 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data… |
| CVE-2025-34310 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameters when updating Quality of… |
| CVE-2025-34315 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOG_ADDR parameter when updating the remote syslog server address. When a user… |
| CVE-2025-34302 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application… |
| CVE-2025-34314 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user… |
| CVE-2025-34313 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTA_USERS parameter when creating a user quota rule. When a user adds a new user… |
| CVE-2025-34303 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. When a whitelisted host… |
| CVE-2025-50976 | | | 0.00 | — | 0.00 | | Aug 26, 2025 | IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2025-50974 | | | 0.00 | — | 0.00 | | Aug 26, 2025 | The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell… |
| CVE-2025-50975 | | | 0.00 | — | 0.00 | | Aug 26, 2025 | IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This… |
| CVE-2022-36368 | | | 0.00 | — | 0.01 | | Oct 24, 2022 | Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script. |
| CVE-2020-19204 | | | 0.00 | — | 0.01 | | Jul 12, 2021 | An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute… |
| CVE-2020-21142 | | | 0.00 | — | 0.01 | | Jun 28, 2021 | Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi. |
| CVE-2020-19202 | | | 0.00 | — | 0.01 | | Jun 17, 2021 | An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored… |