338 matches found
CVE-2019-25397 IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to...
CVE-2019-25396 IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
CVE-2019-25396
IPFire 2.21 Core Update 127 is vulnerable to a reflected XSS in updatexlrator.cgi. Attackers can submit crafted POST requests with scripts in MAX_DISK_USAGE or MAX_DOWNLOAD_RATE to execute arbitrary JavaScript in users’ browsers. CVSS metrics are provided (CVSS 4.0 base 5.1, CVSS 3.1 base 6.1); n...
CVE-2019-25396 IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of VPN configuration...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. IPFire has a cross-site scripting vulnerability, which stems from insufficient validation of input parameters for FS, PATH, and UUID in the extrahd.cgi script. This...
PT-2026-20499
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to...
PT-2026-20501
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...
PT-2026-20500
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN IP, DMTU, ccdname,...
PT-2026-20502
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp name, remark, SRV NAME, SRV PORT,...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of KEY1, IP, HOST, or DOM...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the MAXDISKUSAGE or...
PT-2026-20498
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX DISK USAGE or MAX DOWNLOAD RATE...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. IPFire has a cross-site scripting vulnerability, which stems from insufficient validation of parameters such as HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost,...
CVE-2021-33393
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27645)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27646)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleaning and escaping of the pienumber parameter, which can be exploited by an attacker to injec...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27708)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...