Ipfire

Ipfire

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-25400

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.02.2026 20:59:11
  • Zuletzt bearbeitet 26.02.2026 15:07:02

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK,...

6.4

CVE-2019-25399

Exploit
  • EPSS 0.04%
  • Veröffentlicht 18.02.2026 20:59:10
  • Zuletzt bearbeitet 26.02.2026 15:06:58

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with sc...

6.1

CVE-2019-25398

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.02.2026 20:59:09
  • Zuletzt bearbeitet 26.02.2026 15:06:53

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloa...

6.1

CVE-2019-25397

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.02.2026 20:59:08
  • Zuletzt bearbeitet 26.02.2026 15:06:49

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script paylo...

6.1

CVE-2019-25396

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.02.2026 20:59:07
  • Zuletzt bearbeitet 26.02.2026 15:06:06

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads ...

8.8

CVE-2025-34311

  • EPSS 0.68%
  • Veröffentlicht 28.10.2025 14:43:31
  • Zuletzt bearbeitet 03.11.2025 17:02:11

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creat...

8.8

CVE-2025-34312

  • EPSS 0.47%
  • Veröffentlicht 28.10.2025 14:37:47
  • Zuletzt bearbeitet 03.11.2025 17:02:22

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist...

6.5

CVE-2025-34304

  • EPSS 0.04%
  • Veröffentlicht 28.10.2025 14:37:29
  • Zuletzt bearbeitet 03.11.2025 17:01:19

IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range ...

5.4

CVE-2025-34307

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:37:12
  • Zuletzt bearbeitet 03.11.2025 17:01:43

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country sea...

5.4

CVE-2025-34306

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:36:54
  • Zuletzt bearbeitet 03.11.2025 17:01:37

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP ...