{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T10:38:29.649","vulnerabilities":[{"cve":{"id":"CVE-2025-34317","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-10-28T15:16:12.037","lastModified":"2025-11-03T17:03:01.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HTTP POST request to /cgi-bin/dns.cgi and the TLS hostname is provided in the TLS_HOSTNAME parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected DNS configuration."},{"lang":"es","value":"Las versiones de IPFire anteriores a la 2.29 (Core Update 198) contienen una vulnerabilidad de cross-site scripting (XSS) almacenado que permite a un atacante autenticado inyectar código JavaScript arbitrario a través del parámetro TLS_HOSTNAME al añadir una nueva entrada DNS. Cuando un usuario añade una entrada DNS, la aplicación emite una solicitud HTTP POST a /cgi-bin/dns.cgi y el nombre de host TLS se proporciona en el parámetro TLS_HOSTNAME. El valor de este parámetro se almacena y posteriormente se renderiza en la interfaz web sin la sanitización o codificación adecuadas, permitiendo que los scripts inyectados se ejecuten en el contexto de otros usuarios que visualizan la configuración DNS afectada."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:*:*:*:*:*:*:*:*","versionEndIncluding":"2.29","matchCriteriaId":"152B0C0E-533C-46A3-8688-A7A2282353E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update183:*:*:*:*:*:*","matchCriteriaId":"A39350F9-D6D9-49A5-88BC-C5489AA6038C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update184:*:*:*:*:*:*","matchCriteriaId":"CDDC0CEB-073B-41A0-8A52-4DAAAD77AA6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update185:*:*:*:*:*:*","matchCriteriaId":"745640B9-2180-48C3-82CC-D6E73AAF95D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update186:*:*:*:*:*:*","matchCriteriaId":"08006D41-7288-4333-83FE-B6FD7CD5C779"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update187:*:*:*:*:*:*","matchCriteriaId":"15EE4FEE-62AB-4172-B898-19DE6F50B7AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update188:*:*:*:*:*:*","matchCriteriaId":"5B0ECE9B-DD45-40E1-842A-0B0B1786187E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update189:*:*:*:*:*:*","matchCriteriaId":"9B9BDB00-A750-4053-8812-5A3854042CB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update190:*:*:*:*:*:*","matchCriteriaId":"16F654D7-CC82-4428-BBEF-1110CAE75597"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update191:*:*:*:*:*:*","matchCriteriaId":"FFCC61A9-AF1B-4F8A-98D2-FB7854AF0EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update192:*:*:*:*:*:*","matchCriteriaId":"7A66DC97-E88F-455E-B688-88BCC95E861B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update193:*:*:*:*:*:*","matchCriteriaId":"DDF56682-47E8-436F-B5FE-55A8B525D699"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update194:*:*:*:*:*:*","matchCriteriaId":"A4ADE9ED-675A-4577-AF4A-047B4D7D8E2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update195:*:*:*:*:*:*","matchCriteriaId":"3FA0F87A-3926-4B10-97C8-12EBFD9454D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update196:*:*:*:*:*:*","matchCriteriaId":"0E2F1488-B8FA-4BFF-81B9-308E0C462B47"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipfire:ipfire:2.29:core_update197:*:*:*:*:*:*","matchCriteriaId":"3480B74D-D516-4A8C-AAA3-C7990FEA345D"}]}]}],"references":[{"url":"https://bugzilla.ipfire.org/show_bug.cgi?id=13892","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://www.vulncheck.com/advisories/ipfire-stored-xss-via-dns-settings-dns-cgi","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}}]}