RSS   Podatności dla 'Ipfire'   RSS

2021-07-12
 
CVE-2020-19204

CWE-79
 

 
An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries.

 
2021-06-28
 
CVE-2020-21142

CWE-79
 

 
Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.

 
2021-06-17
 
CVE-2020-19202

CWE-79
 

 
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page.

 
2018-10-17
 
CVE-2018-16232

CWE-78
 

 
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

 
2017-06-19
 
CVE-2017-9757

CWE-78
 

 
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

 


Copyright 2024, cxsecurity.com

 

Back to Top