CVE-2025-1663
published 2025-04-03CVE-2025-1663: The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and…
PriorityP423medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.20%
9.5th percentile
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unitecms | unlimited_elements_for_elementor | <= 1.5.142 | — |
| unlimited-elements | unlimited_elements_for_elementor | <= 1.5.142 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m8v6-vwmg-r6jr: The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and
ghsa_unreviewed·2025-04-03
CVE-2025-1663 [MEDIUM] CWE-79 GHSA-m8v6-vwmg-r6jr: The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Citrix
Citrix Security Bulletin CTX140044
vendor_citrix·CVSS 5.0
CVE-2014-1663 [MEDIUM] Citrix Security Bulletin CTX140044
Citrix Security Bulletin CTX140044
CVE References: CVE-2014-1663, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Suricata
ET WEB_SPECIFIC_APPS IPFire mail.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34316)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34316 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire mail.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34316)
ET WEB_SPECIFIC_APPS IPFire mail.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34316)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire mail.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34316)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:17; content:"/cgi-bin/mail.cgi"; fast_pattern; http.request_body; pcre:"/txt_mail(?:user|pass)\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34316; classtype:web-application-attack; sid:2065608; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipment, tls_s
Suricata
ET WEB_SPECIFIC_APPS IPFire dns.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire dns.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire dns.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire dns.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:16; content:"/cgi-bin/dns.cgi"; fast_pattern; http.request_body; content:"REMARK|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065579; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipment, tls_state plain
Suricata
ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34307)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34307 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34307)
ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34307)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34307)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:40; content:"/cgi-bin/logs.cgi/firewalllogcountry.dat"; fast_pattern; http.request_body; content:"pienumber|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34307; classtype:web-application-attack; sid:2065583; rev:1; metadata:affected_product IPFire
Suricata
ET WEB_SPECIFIC_APPS IPFire weakeonlan.cgi CLIENT_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire weakeonlan.cgi CLIENT_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire weakeonlan.cgi CLIENT_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire weakeonlan.cgi CLIENT_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:22; content:"/cgi-bin/wakeonlan.cgi"; fast_pattern; http.request_body; content:"CLIENT_COMMENT|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065574; rev:1; metadata:affected_product IPFire, attack_
Suricata
ET WEB_SPECIFIC_APPS IPFire vpnmain.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire vpnmain.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire vpnmain.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire vpnmain.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:20; content:"/cgi-bin/vpnmain.cgi"; fast_pattern; http.request_body; content:"REMARK|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065578; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipment, tls
Suricata
ET WEB_SPECIFIC_APPS IPFire ids.cgi IGNORE_ENTRY_REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34303)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34303 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire ids.cgi IGNORE_ENTRY_REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34303)
ET WEB_SPECIFIC_APPS IPFire ids.cgi IGNORE_ENTRY_REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34303)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire ids.cgi IGNORE_ENTRY_REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34303)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:17; content:"/cgi-bin/ids.cgi\"; fast_pattern; http.request_body; content:"IGNORE_ENTRY_REMARK|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34303; classtype:web-application-attack; sid:2065572; rev:1; metadata:affected_product IPFire, attack_targ
Suricata
ET WEB_SPECIFIC_APPS IPFire connscheduler.cgi ACTION_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire connscheduler.cgi ACTION_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire connscheduler.cgi ACTION_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire connscheduler.cgi ACTION_COMMENT Parameter Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:26; content:"/cgi-bin/connscheduler.cgi"; fast_pattern; http.request_body; content:"ACTION_COMMENT|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065576; rev:1; metadata:attack_target Networki
Suricata
ET WEB_SPECIFIC_APPS IPFire config.dat REMOTELOG_ADDR Parameter Cross Site Scripting Attempt (CVE-2025-34315)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34315 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire config.dat REMOTELOG_ADDR Parameter Cross Site Scripting Attempt (CVE-2025-34315)
ET WEB_SPECIFIC_APPS IPFire config.dat REMOTELOG_ADDR Parameter Cross Site Scripting Attempt (CVE-2025-34315)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire config.dat REMOTELOG_ADDR Parameter Cross Site Scripting Attempt (CVE-2025-34315)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:28; content:"/cgi-bin/logs.cgi/config.dat"; fast_pattern; http.request_body; content:"REMOTELOG_ADDR|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34315; classtype:web-application-attack; sid:2065607; rev:1; metadata:affected_product IPFire, attack_ta
Suricata
ET WEB_SPECIFIC_APPS IPFire time.cgi UPDATE_VALUE Parameter Cross Site Scripting Attempt (CVE-2025-34308)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34308 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire time.cgi UPDATE_VALUE Parameter Cross Site Scripting Attempt (CVE-2025-34308)
ET WEB_SPECIFIC_APPS IPFire time.cgi UPDATE_VALUE Parameter Cross Site Scripting Attempt (CVE-2025-34308)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire time.cgi UPDATE_VALUE Parameter Cross Site Scripting Attempt (CVE-2025-34308)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:17; content:"/cgi-bin/time.cgi"; fast_pattern; http.request_body; content:"UPDATE_VALUE|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34308; classtype:web-application-attack; sid:2065586; rev:1; metadata:affected_product IPFire, attack_target Networking_Equip
Suricata
ET WEB_SPECIFIC_APPS IPFire proxy.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34318)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34318 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire proxy.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34318)
ET WEB_SPECIFIC_APPS IPFire proxy.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34318)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire proxy.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34318)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:18; content:"/cgi-bin/proxy.cgi"; fast_pattern; http.request_body; pcre:"/(?:UPSTREAM_(?:USER|PASSWORD)|ADMIN_(?:MAIL_ADDRESS|PASSWORD)|TLS_HOSTNAME)\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34318; classtype:web-application-attack; sid:2065612; rev:2; metadata:affected_p
Suricata
ET WEB_SPECIFIC_APPS IPFire qos.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34310)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34310 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire qos.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34310)
ET WEB_SPECIFIC_APPS IPFire qos.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34310)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire qos.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34310)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:16; content:"/cgi-bin/qos.cgi"; fast_pattern; http.request_body; pcre:"/(?:(?:INC|OUT)_SPD|DEFCLASS_(?:INC|OUT))\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34310; classtype:web-application-attack; sid:2065592; rev:1; metadata:affected_product IPFire, attack_target Networking_
Suricata
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi BE_NAME Parameter Command Injection Attempt (CVE-2025-34312)
suricata·2025-10-30·CVSS 8.7
CVE-2025-34312 [HIGH] ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi BE_NAME Parameter Command Injection Attempt (CVE-2025-34312)
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi BE_NAME Parameter Command Injection Attempt (CVE-2025-34312)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi BE_NAME Parameter Command Injection Attempt (CVE-2025-34312)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:22; content:"/cgi-bin/urlfilter.cgi"; fast_pattern; http.request_body; content:"BE_NAME|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34312; classtype:attempted-admin; sid:2065596; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_10_30, cve CVE_2025_34312, deployment
Suricata
ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi COUNTRY_CODE Parameter Cross Site Scripting Attempt (CVE-2025-34301)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34301 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi COUNTRY_CODE Parameter Cross Site Scripting Attempt (CVE-2025-34301)
ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi COUNTRY_CODE Parameter Cross Site Scripting Attempt (CVE-2025-34301)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi COUNTRY_CODE Parameter Cross Site Scripting Attempt (CVE-2025-34301)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:20; content:"/cgi-bin/fwhosts.cgi"; http.request_body; content:"ACTION=savelocationgrp"; fast_pattern; content:"COUNTRY_CODE|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34301; classtype:web-application-attack; sid:2065570; rev:1; metadata:affected_pro
Suricata
ET WEB_SPECIFIC_APPS IPFire dns.cgi TLS_HOSTNAME Parameter Cross Site Scripting Attempt (CVE-2025-34317)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34317 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire dns.cgi TLS_HOSTNAME Parameter Cross Site Scripting Attempt (CVE-2025-34317)
ET WEB_SPECIFIC_APPS IPFire dns.cgi TLS_HOSTNAME Parameter Cross Site Scripting Attempt (CVE-2025-34317)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire dns.cgi TLS_HOSTNAME Parameter Cross Site Scripting Attempt (CVE-2025-34317)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:16; content:"/cgi-bin/dns.cgi"; fast_pattern; http.request_body; content:"TLS_HOSTNAME|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34317; classtype:web-application-attack; sid:2065609; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipmen
Suricata
ET WEB_SPECIFIC_APPS IPFire ddns.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34309)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34309 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire ddns.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34309)
ET WEB_SPECIFIC_APPS IPFire ddns.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34309)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire ddns.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34309)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:17; content:"/cgi-bin/ddns.cgi"; fast_pattern; http.request_body; pcre:"/(?:LOGIN|PASSWORD|SERVICE)\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34309; classtype:web-application-attack; sid:2065587; rev:1; metadata:affected_product IPFire, attack_target Networking_Equipment,
Suricata
ET WEB_SPECIFIC_APPS IPFire dnsforward.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire dnsforward.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire dnsforward.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire dnsforward.cgi REMARK Parameter Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:23; content:"/cgi-bin/dnsforward.cgi"; fast_pattern; http.request_body; content:"REMARK|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065577; rev:1; metadata:affected_product IPFire, attack_target Networking_Equip
Suricata
ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi PROT Parameter Cross Site Scripting Attempt (CVE-2025-34302)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34302 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi PROT Parameter Cross Site Scripting Attempt (CVE-2025-34302)
ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi PROT Parameter Cross Site Scripting Attempt (CVE-2025-34302)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire fwhosts.cgi PROT Parameter Cross Site Scripting Attempt (CVE-2025-34302)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:20; content:"/cgi-bin/fwhosts.cgi"; http.request_body; content:"ACTION=saveservice"; fast_pattern; content:"PROT|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34302; classtype:web-application-attack; sid:2065571; rev:1; metadata:affected_product IPFire, attack_target N
Suricata
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi QUOTA_USERS Parameter Cross Site Scripting Attempt (CVE-2025-34313)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34313 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi QUOTA_USERS Parameter Cross Site Scripting Attempt (CVE-2025-34313)
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi QUOTA_USERS Parameter Cross Site Scripting Attempt (CVE-2025-34313)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi QUOTA_USERS Parameter Cross Site Scripting Attempt (CVE-2025-34313)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:22; content:"/cgi-bin/urlfilter.cgi"; http.request_body; content:"MODE|3d|USERQUOTA"; fast_pattern; content:"QUOTA_USERS|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34313; classtype:web-application-attack; sid:2065602; rev:1; metadata:affected_produ
Suricata
ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34306)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34306 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34306)
ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34306)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire firewalllogip.dat pienumber Parameter Cross Site Scripting Attempt (CVE-2025-34306)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:35; content:"/cgi-bin/logs.cgi/firewalllogip.dat"; fast_pattern; http.request_body; content:"pienumber|3d|"; pcre:"/^.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/Ri"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34306; classtype:web-application-attack; sid:2065580; rev:1; metadata:affected_product IPFire, att
Suricata
ET WEB_SPECIFIC_APPS IPFire dhcp.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34305)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34305 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire dhcp.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34305)
ET WEB_SPECIFIC_APPS IPFire dhcp.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34305)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire dhcp.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34305)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:17; content:"/cgi-bin/dhcp.cgi"; fast_pattern; http.request_body; pcre:"/(?:ADVOPT_DATA|FIX_(?:REMARK|ROOTPATH|FILENAME))\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34305; classtype:web-application-attack; sid:2065575; rev:1; metadata:affected_product IPFire, attack_target
Suricata
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34314)
suricata·2025-10-30·CVSS 5.1
CVE-2025-34314 [MEDIUM] ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34314)
ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34314)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire urlfilter.cgi Multiple Parameters Cross Site Scripting Attempt (CVE-2025-34314)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:22; content:"/cgi-bin/urlfilter.cgi"; http.request_body; content:"MODE|3d|TIMECONSTRAINT"; fast_pattern; pcre:"/(?:SRC|DST|COMMENT)\x3d.*(?:on(?:(?:error)|(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle))(?:=|%3[dD])?/i"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34314; classtype:web-application-attack; sid:2065606; rev:1; metadata:affected_product IP
Suricata
ET WEB_SPECIFIC_APPS IPFire calamaris.dat Multiple Parameters Command Injection Attempt (CVE-2025-34311)
suricata·2025-10-30·CVSS 8.7
CVE-2025-34311 [HIGH] ET WEB_SPECIFIC_APPS IPFire calamaris.dat Multiple Parameters Command Injection Attempt (CVE-2025-34311)
ET WEB_SPECIFIC_APPS IPFire calamaris.dat Multiple Parameters Command Injection Attempt (CVE-2025-34311)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS IPFire calamaris.dat Multiple Parameters Command Injection Attempt (CVE-2025-34311)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:31; content:"/cgi-bin/logs.cgi/calamaris.dat"; fast_pattern; http.request_body; pcre:"/(?:(?:DAY|MONTH|YEAR)_(?:BEGIN|END)|NUM_(?:CONTENT|HOSTS|URLS|DOMAINS)|HIST_LEVEL|PERF_INTERVAL|BYTE_UNIT)\x3d[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/"; reference:url,bugzilla.ipfire.org/attachment.cgi?id=1663; reference:cve,2025-34311; classtype:attempted-admin; sid:2065594; rev:1; metadata:affected_product IPFire, attack_target
No public exploits indexed.
No writeups or analysis indexed.
2025-04-03
Published