5 matches found
CVE-2025-34301
IPFire R2 (before 2.29 Core Update 198) is vulnerable to stored XSS via the COUNTRY_CODE parameter when creating a location group. An authenticated attacker can supply malicious JavaScript in COUNTRY_CODE, which is stored and later rendered in the web interface without proper sanitization/encodin...
CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
EUVD-2025-36517
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
PT-2025-44160
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire is affected by a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code into the COUNTRY CODE parameter when creating a location...