338 matches found
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...
IPFire BE_NAME Parameter Command Injection Vulnerability
IPFire is an open source Linux distribution from the IPFire organization that is primarily used as a router and firewall. A command injection vulnerability exists in the IPFire BENAME parameter, which stems from improper handling of the BENAME parameter when installing a blacklist, and can be...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27635)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability caused by multiple methods in the cleanhtml function that improperly validate user-supplied input. An attacker could use this...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27637)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. A cross-site scripting vulnerability exists in IPFire that stems from the COUNTRYCODE parameter not being properly cleaned and encoded, which can be exploited by an attacker to...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27648)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27643)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27706)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27703)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient PROT parameter cleanup and escaping, which can be exploited by an attacker to steal a victim's...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27644)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, an...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...
CVE-2025-34304
IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...
CVE-2025-34302
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...
CVE-2025-34313
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...
CVE-2025-34317
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HT...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34315
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...
CVE-2025-34306
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...
CVE-2025-34316
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...
CVE-2025-34303
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNOREENTRYREMARK parameter when adding a whitelisted host. When a whitelisted host is added, an HTTP POST...