ipfire.org CVE Vulnerabilities & CVE List (1)

Products (CPE): — CVEs: 1

ipfire.org vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to ipfire.org, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-34318 IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD parameters when adding a new DNS entry. When a user adds a DNS entry, the application issues an HTTP POST request to /cgi-bin/dns.cgi and these values are provided in the corresponding parameters. The values are stored an [email protected] 5.1 0.48% 2025-10-28 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence