CVE-2025-34306

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

CVE-2025-34302

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...

CVE-2025-34301

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVE-2025-34302

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVE-2025-34307

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default value...

CVE-2025-34301

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVE-2025-34304

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

CVE-2025-34303

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNOREENTRYREMARK parameter when adding a whitelisted host. When a whitelisted host is added, an HTTP POST...

CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation

IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...

CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation

IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...

CVE-2025-34311

IPFire

CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist

IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...

CVE-2025-34312

IPFire

CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist

IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...

CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

CVE-2025-34304

IPFire

CVE-2025-34307 IPFire < v2.29 Stored XSS via Default Country Search

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default value...

CVE-2025-34307 IPFire < v2.29 Stored XSS via Default Country Search

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default value...