Lucene search

14 matches found

CNVD
added 2025/10/31 12:00 a.m. | 1 view

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27635)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability caused by multiple methods in the cleanhtml function that improperly validate user-supplied input. An attacker could use this...

CVSS 5.4 | AI score 6.4 | EPSS 0.00024
Exploits: 0 | References: 1
EUVD
added 2025/10/28 3:30 p.m. | 2 views

EUVD-2025-36519

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function in /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVSS 5.1 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 4
OSV
added 2025/10/28 3:16 p.m. | 1 view

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function in /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3
Cvelist
added 2025/10/28 2:34 p.m. | 3 views

CVE-2025-34305 IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml()

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function in /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVSS 5.1 | EPSS 0.00024
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/28 2:34 p.m. | 1 view

CVE-2025-34305 IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml()

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function in /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVSS 5.1 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 3
CVE
added 2025/10/28 2:34 p.m. | 4 views

CVE-2025-34305

IPFire before 2.29 (Core Update 198) contains multiple stored XSS flaws in the cleanhtml() function at /var/ipfire/header.pl. The bug prevents sanitized input from being written back to the output, so authenticated users submitting data to endpoints such as POST /cgi-bin/wakeonlan.cgi (CLIENT_COM...

CVSS 5.4 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/10/28 12:00 a.m. | 2 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability caused by multiple methods in the cleanhtml function that improperly validate user-supplied input. An attacker could use this...

CVSS 5.4 | AI score 6.3 | EPSS 0.00024
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/28 12:00 a.m. | 3 views

PT-2025-44164

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire installations are affected by multiple stored cross-site scripting (XSS) issues. These occur because the cleanhtml function located at /var/ipfire/header.pl does not correctly appl...

CVSS 5.4 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2005-4449

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00467
Exploits: 1 | References: 8
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-41608

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.5 | EPSS 0.0014
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/21 9:45 p.m. | 6 views

CVE-2005-4455

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...

CVSS 5 | AI score 6.6 | EPSS 0.00336
Exploits: 0 | References: 1
CVE
added 2024/09/16 7:35 p.m. | 31 views

CVE-2024-45800

CVE-2024-45800 concerns SnappyMail (Snappymail), a web-based email client. The issue lies in the HTML sanitizer: the cleanHtml() function allows too many invalid HTML elements, which can be coerced by malformed markup into valid markup, enabling a targeted mXSS javascript injection. The documente...

CVSS 5 | AI score 5 | EPSS 0.0014
Exploits: 0 | References: 3
Vulnrichment
added 2024/09/16 7:35 p.m. | 21 views

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVSS 5 | AI score 6.5 | EPSS 0.0014
Exploits: 0 | References: 3
CNNVD
added 2024/09/16 12:00 a.m. | 1 view

SnappyMail Cross-Site Scripting Vulnerability

SnappyMail is a simple, modern, lightweight and fast web-based e-mail client from Maarten Personal Developers. A cross-site scripting vulnerability exists in SnappyMail versions prior to v2.38.0, which stems from the cleanHtml function allowing too many invalid HTML elements. An attacker can...

CVSS 5 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 4