CVE-2025-34309

EPSS 5.01%
Veröffentlicht 28.10.2025 14:35:36
Zuletzt bearbeitet 03.11.2025 17:01:58
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

IPFire < v2.29 Stored XSS via Dynamic DNS Host

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS host is added, the application issues an HTTP POST request to /cgi-bin/ddns.cgi and saves the values of the LOGIN, PASSWORD, and SERVICE parameters. The SERVICE value is displayed after the host entry is created, and the LOGIN and PASSWORD values are displayed when that host entry is edited. The values of these parameters are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view or edit the affected Dynamic DNS entries.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 16 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ipfire ≫ Ipfire Version < 2.29

Ipfire ≫ Ipfire Version2.29 Updatecore_update183

Ipfire ≫ Ipfire Version2.29 Updatecore_update184

Ipfire ≫ Ipfire Version2.29 Updatecore_update185

Ipfire ≫ Ipfire Version2.29 Updatecore_update186

Ipfire ≫ Ipfire Version2.29 Updatecore_update187

Ipfire ≫ Ipfire Version2.29 Updatecore_update188

Ipfire ≫ Ipfire Version2.29 Updatecore_update189

Ipfire ≫ Ipfire Version2.29 Updatecore_update190

Ipfire ≫ Ipfire Version2.29 Updatecore_update191

Ipfire ≫ Ipfire Version2.29 Updatecore_update192

Ipfire ≫ Ipfire Version2.29 Updatecore_update193

Ipfire ≫ Ipfire Version2.29 Updatecore_update194

Ipfire ≫ Ipfire Version2.29 Updatecore_update195

Ipfire ≫ Ipfire Version2.29 Updatecore_update196

Ipfire ≫ Ipfire Version2.29 Updatecore_update197

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.01%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
disclosure@vulncheck.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released

Release Notes

https://bugzilla.ipfire.org/show_bug.cgi?id=13884

Third Party Advisory

Issue Tracking

https://www.vulncheck.com/advisories/ipfire-stored-xss-via-dynamic-dns-host

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-34309

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-34309

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-34309

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-34309