VulnerAlert



APPLICATION
28-10-2025 23:08

CVE-2025-34316 Documented vulnerability

No score
Tags
#xss
#site
#cross
#web
#server
#javascript
#java
#cross-site
#config
#application
#vulnerability
#cross-site scripting
#affected
#authenticated
#arbitrary
#scripting
#pass
#password
#issue
#inject
#execute
#configuration
#allow
#attack
#affect
Description
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail server settings. When a user updates the mail server, the application issues an HTTP POST request to /cgi-bin/mail.cgi, and the username and password are provided in these parameters. The values of these parameters are later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected configuration.
https://bugzilla.ipfire.org/show_bug.cgi?id=13891
https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released
https://www.vulncheck.com/advisories/ipfire-stored-xss-via-mail-server-settings
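The output-encoding step the description says is missing, shown as an added example that is not IPFire's code or part of the advisory. It assumes a Perl CGI that writes a stored setting into a quoted HTML attribute; `html_escape`, `render_field_unsafe`, `render_field_safe` and the sample value are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: not IPFire source. Function names and the sample
# value are assumptions made for this example.
use strict;
use warnings;

# Entities for the five characters that can end a quoted attribute or
# open a tag. One regex pass, so '&' is never double-encoded.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

sub html_escape {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $value;
}

# Before: the stored value is interpolated into the attribute as-is.
sub render_field_unsafe {
    my ($name, $value) = @_;
    return qq{<input type="text" name="$name" value="$value">};
}

# After: the value is encoded at output time. The browser decodes the
# entities when it submits the form, so the stored setting round-trips.
sub render_field_safe {
    my ($name, $value) = @_;
    return sprintf '<input type="text" name="%s" value="%s">',
        html_escape($name), html_escape($value);
}

# Constructed stored setting: a harmless tag that shows the breakout.
my %settings = (txt_mailuser => q{relay"><b>injected</b>});

for my $field (sort keys %settings) {
    my $unsafe = render_field_unsafe($field, $settings{$field});
    my $safe   = render_field_safe($field, $settings{$field});
    # Count the elements a browser would parse out of each rendering.
    my $tags_unsafe = () = $unsafe =~ /<[a-z]/g;
    my $tags_safe   = () = $safe   =~ /<[a-z]/g;
    print "unsafe ($tags_unsafe elements): $unsafe\n";
    print "safe   ($tags_safe element):  $safe\n";
}
```

Encoding at output rather than rejecting input matters for txt_mailpass in particular, since a legitimate password may contain any of these characters.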

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-34316
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023
Project carried out by