2 matches found
CVE-2025-50975
The CVE-2025-50975 entry concerns IPFire 2.29, where the web-based firewall interface (firewall.cgi) does not sanitize multiple rule parameters (PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, tgt_addr). This allows an authenticated administrator to inject persistent J...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-49087)
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the failure of the htmlspecialchars function for the 'menudescription' variable in...