Ipfire

Ipfire

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-34308

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:36:37
  • Zuletzt bearbeitet 03.11.2025 17:01:51

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATE_VALUE parameter when updating the default time sync...

5.1

CVE-2025-34318

  • EPSS 0.09%
  • Veröffentlicht 28.10.2025 14:36:19
  • Zuletzt bearbeitet 30.10.2025 15:05:32

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL...

5.4

CVE-2025-34317

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:36:00
  • Zuletzt bearbeitet 03.11.2025 17:03:01

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a...

5.4

CVE-2025-34309

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:35:36
  • Zuletzt bearbeitet 03.11.2025 17:01:58

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or e...

5.4

CVE-2025-34301

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:35:16
  • Zuletzt bearbeitet 03.11.2025 17:00:46

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRY_CODE parameter when creating a location group. When a...

5.4

CVE-2025-34316

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:34:54
  • Zuletzt bearbeitet 03.11.2025 17:02:53

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the...

5.4

CVE-2025-34305

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:34:36
  • Zuletzt bearbeitet 03.11.2025 17:01:29

IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an aut...

5.4

CVE-2025-34310

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:34:18
  • Zuletzt bearbeitet 03.11.2025 17:02:04

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameter...

5.4

CVE-2025-34315

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:33:54
  • Zuletzt bearbeitet 03.11.2025 17:02:45

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOG_ADDR parameter when updating the remote syslog s...

5.4

CVE-2025-34302

  • EPSS 0.05%
  • Veröffentlicht 28.10.2025 14:33:32
  • Zuletzt bearbeitet 03.11.2025 17:01:01

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user ad...