
Ipfire.Org Ipfire vulnerabilities

18 known vulnerabilities affecting ipfire.org/ipfire.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 16

Vulnerabilities

CVE-2025-34311 | P2 | HIGH | CVSS 8.8 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-78: IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP POST to /cgi-bin/logs.cgi/calamaris.dat and reads the v
nvd
CVE-2025-34312 | P2 | HIGH | CVSS 8.8 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-78: IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST to /cgi-bin/urlfilter.cgi and interpolates the value o
nvd
CVE-2025-34304 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-89: IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/lo
nvd
CVE-2025-34309 | P3 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS host is added, the application issues an HTTP POST r
nvd
CVE-2025-34301 | P3 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRY_CODE parameter when creating a location group. When a user adds a new location group, the application issues an HTTP POST request with the ACTION parameter
nvd
CVE-2025-34316 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail server settings. When a user updates the mail server, the application issues an HTTP POST reques
nvd
CVE-2025-34313 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTA_USERS parameter when creating a user quota rule. When a user adds a new user quota rule the application issues an HTTP POST request to /cgi-bin/urlfilter.
nvd
CVE-2025-34314 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rule the application issues an HTTP POST request to /c
nvd
CVE-2025-34318 | P4 | MEDIUM | CVSS 5.1 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD parameters when adding a new DNS entry. When a user adds a DNS entry, the
nvd
CVE-2025-34305 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - for example, POST /cgi-bin/wakeonlan.cgi (CLIENT_
nvd
CVE-2025-34308 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATE_VALUE parameter when updating the default time synchronization settings. When the default values displayed on the Time Server page are updated, the appli
nvd
CVE-2025-34317 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HTTP POST request to /cgi-bin/dns.cgi and the TLS ho
nvd
CVE-2025-34303 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. When a whitelisted host is added, an HTTP POST request is sent to the Request-URI /cgi-bin/ids.cgi
nvd
CVE-2025-34310 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT parameters when updating Quality of Service (QoS) settings. When a user updates speeds or classes, the applicat
nvd
CVE-2025-34306 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults, the application issues an HTTP POST request to /cgi
nvd
CVE-2025-34307 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default values for the firewall country search, the application
nvd
CVE-2025-34315 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOG_ADDR parameter when updating the remote syslog server address. When a user updates the Remote logging Syslog server, the application issues an HTTP PO
nvd
CVE-2025-34302 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.29 (Core Update 198) | 2025-10-28
CWE-79: IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST request with the ACTION parameter set to saveservice
nvd