
338 matches found

Cvelist
added 2025/10/28 2:37 p.m. | 8 views

CVE-2025-34307 IPFire < v2.29 Stored XSS via Default Country Search

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default value...

5.1 CVSS | 0.00403 EPSS
Exploits 0 | References 3
Cvelist
added 2025/10/28 2:36 p.m. | 6 views

CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

5.1 CVSS | 0.00403 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:36 p.m. | 9 views

CVE-2025-34306

IPFire

5.4 CVSS | 5.6 AI score | 0.00403 EPSS
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2025/10/28 2:36 p.m. | 4 views

CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

5.1 CVSS | 5.6 AI score | 0.00403 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:36 p.m. | 10 views

CVE-2025-34308

IPFire 2.x before 2.29 (Core Update 198) has a stored XSS via the UPDATE_VALUE parameter when updating Time Server settings. An authenticated user can submit arbitrary JavaScript to /cgi-bin/time.cgi; the value is stored and later rendered in the web interface, allowing script execution in other ...

5.4 CVSS | 5.6 AI score | 0.00403 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/10/28 2:36 p.m. | 8 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

5.1 CVSS | 0.00403 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/10/28 2:36 p.m. | 2 views

CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

5.1 CVSS | 5.6 AI score | 0.00438 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:36 p.m. | 6 views

CVE-2025-34318

IPFire

5.1 CVSS | 5.6 AI score | 0.00438 EPSS
Exploits 0 | References 3
Cvelist
added 2025/10/28 2:36 p.m. | 4 views

CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

5.1 CVSS | 0.00438 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/10/28 2:36 p.m. | 2 views

CVE-2025-34317 IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi)

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HT...

5.1 CVSS | 5.5 AI score | 0.00403 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:36 p.m. | 9 views

CVE-2025-34317

IPFire before 2.29 (Core Update 198) suffers a stored XSS via the TLS_HOSTNAME parameter when adding DNS entries. An authenticated attacker can inject JavaScript through /cgi-bin/dns.cgi (TLS_HOSTNAME), which is stored and later rendered in the web interface, allowing script execution in other us...

5.4 CVSS | 5.5 AI score | 0.00403 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/10/28 2:35 p.m. | 5 views

CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.1 CVSS | 0.04439 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:35 p.m. | 10 views

CVE-2025-34309

IPFire

5.4 CVSS | 5.6 AI score | 0.04439 EPSS
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2025/10/28 2:35 p.m. | 3 views

CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

5.1 CVSS | 5.6 AI score | 0.04439 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:35 p.m. | 9 views

CVE-2025-34301

IPFire R2 (before 2.29 Core Update 198) is vulnerable to stored XSS via the COUNTRY_CODE parameter when creating a location group. An authenticated attacker can supply malicious JavaScript in COUNTRY_CODE, which is stored and later rendered in the web interface without proper sanitization/encodin...

5.4 CVSS | 5.4 AI score | 0.04439 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/10/28 2:35 p.m. | 5 views

CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

5.1 CVSS | 0.04439 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/28 2:35 p.m. | 2 views

EUVD-2025-36517

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

5.1 CVSS | 5.3 AI score | 0.04439 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/10/28 2:35 p.m. | 5 views

CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

5.1 CVSS | 5.4 AI score | 0.04439 EPSS
Exploits 0 | References 3
CVE
added 2025/10/28 2:34 p.m. | 6 views

CVE-2025-34316

IPFire

5.4 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/10/28 2:34 p.m. | 5 views

CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

5.1 CVSS | 0.00403 EPSS
Exploits 0 | References 3