VYPR

Vendor CVEs

Ipfire

All CVEs

34 total · sorted by risk
  • CVE-2025-34116HigJul 15, 2025
    risk 0.66cvss epss 0.01

    A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command…

  • CVE-2017-9757HigJun 19, 2017
    risk 0.63cvss 8.8epss 0.39

    IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

  • CVE-2025-34318MedOct 28, 2025
    risk 0.33cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD…

  • CVE-2021-33393Jun 9, 2021
    risk 0.09cvss epss 0.59

    lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar…

  • CVE-2018-16232Oct 17, 2018
    risk 0.03cvss epss 0.08

    An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

  • CVE-2019-25400Feb 18, 2026
    risk 0.00cvss epss 0.00

    IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark,…

  • CVE-2019-25399Feb 18, 2026
    risk 0.00cvss epss 0.00

    IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these…

  • CVE-2019-25398Feb 18, 2026
    risk 0.00cvss epss 0.00

    IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP,…

  • CVE-2019-25397Feb 18, 2026
    risk 0.00cvss epss 0.00

    IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or…

  • CVE-2019-25396Feb 18, 2026
    risk 0.00cvss epss 0.00

    IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or…

  • CVE-2025-34311Oct 28, 2025
    risk 0.00cvss epss 0.14

    IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the…

  • CVE-2025-34312Oct 28, 2025
    risk 0.00cvss epss 0.02

    IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the…

  • CVE-2025-34304Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs,…

  • CVE-2025-34307Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user…

  • CVE-2025-34306Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user…

  • CVE-2025-34308Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATE_VALUE parameter when updating the default time synchronization settings. When…

  • CVE-2025-34317Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the…

  • CVE-2025-34309Oct 28, 2025
    risk 0.00cvss epss 0.05

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host.…

  • CVE-2025-34301Oct 28, 2025
    risk 0.00cvss epss 0.05

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRY_CODE parameter when creating a location group. When a user adds a new location…

  • CVE-2025-34316Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail server settings. When…

  • CVE-2025-34305Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data…

  • CVE-2025-34310Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameters when updating Quality of…

  • CVE-2025-34315Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOG_ADDR parameter when updating the remote syslog server address. When a user…

  • CVE-2025-34302Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application…

  • CVE-2025-34314Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user…

  • CVE-2025-34313Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTA_USERS parameter when creating a user quota rule. When a user adds a new user…

  • CVE-2025-34303Oct 28, 2025
    risk 0.00cvss epss 0.00

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. When a whitelisted host…

  • CVE-2025-50976Aug 26, 2025
    risk 0.00cvss epss 0.00

    IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

  • CVE-2025-50974Aug 26, 2025
    risk 0.00cvss epss 0.00

    The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell…

  • CVE-2025-50975Aug 26, 2025
    risk 0.00cvss epss 0.00

    IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This…

  • CVE-2022-36368Oct 24, 2022
    risk 0.00cvss epss 0.01

    Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.

  • CVE-2020-19204Jul 12, 2021
    risk 0.00cvss epss 0.01

    An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute…

  • CVE-2020-21142Jun 28, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.

  • CVE-2020-19202Jun 17, 2021
    risk 0.00cvss epss 0.01

    An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored…