CVE-2025-34310

EPSS 0.45%
Veröffentlicht 28.10.2025 14:34:18
Zuletzt bearbeitet 03.11.2025 17:02:04
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameters when updating Quality of Service (QoS) settings. When a user updates speeds or classes, the application issues an HTTP POST request to /cgi-bin/qos.cgi and the values for incoming/outgoing speeds and default classes are provided in the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameters. The values of these parameters are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected QoS entries.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 16 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ipfire ≫ Ipfire Version < 2.29

Ipfire ≫ Ipfire Version2.29 Updatecore_update183

Ipfire ≫ Ipfire Version2.29 Updatecore_update184

Ipfire ≫ Ipfire Version2.29 Updatecore_update185

Ipfire ≫ Ipfire Version2.29 Updatecore_update186

Ipfire ≫ Ipfire Version2.29 Updatecore_update187

Ipfire ≫ Ipfire Version2.29 Updatecore_update188

Ipfire ≫ Ipfire Version2.29 Updatecore_update189

Ipfire ≫ Ipfire Version2.29 Updatecore_update190

Ipfire ≫ Ipfire Version2.29 Updatecore_update191

Ipfire ≫ Ipfire Version2.29 Updatecore_update192

Ipfire ≫ Ipfire Version2.29 Updatecore_update193

Ipfire ≫ Ipfire Version2.29 Updatecore_update194

Ipfire ≫ Ipfire Version2.29 Updatecore_update195

Ipfire ≫ Ipfire Version2.29 Updatecore_update196

Ipfire ≫ Ipfire Version2.29 Updatecore_update197

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
disclosure@vulncheck.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released

Release Notes

https://bugzilla.ipfire.org/show_bug.cgi?id=13883

Third Party Advisory

Issue Tracking

https://www.vulncheck.com/advisories/ipfire-stored-xss-via-quality-of-service-settings

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-34310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-34310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-34310

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-34310