All the vulnerabilites related to IPFire - IPFire
cve-2022-36368
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IPFire Project | IPFire |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.ipfire.org/post/ipfire-2-27-core-update-170-released"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=12925"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ipfire/ipfire-2.x"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15411362/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPFire",
"vendor": "IPFire Project",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-24T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://blog.ipfire.org/post/ipfire-2-27-core-update-170-released"
},
{
"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=12925"
},
{
"url": "https://github.com/ipfire/ipfire-2.x"
},
{
"url": "https://jvn.jp/en/jp/JVN15411362/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-36368",
"datePublished": "2022-10-24T00:00:00",
"dateReserved": "2022-09-25T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-19204
Vulnerability from cvelistv5
Published
2021-07-12 15:22
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.lightningwirelabs.com | x_refsource_MISC | |
| https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released | x_refsource_MISC | |
| https://gist.github.com/dharmeshbaskaran/1fdc069c0ad729d12bf3304b5f19b02d | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lightningwirelabs.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/dharmeshbaskaran/1fdc069c0ad729d12bf3304b5f19b02d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the \"routing.cgi\" Routing Table Entries via the \"Remark\" text box or \"remark\" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T17:08:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lightningwirelabs.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/dharmeshbaskaran/1fdc069c0ad729d12bf3304b5f19b02d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the \"routing.cgi\" Routing Table Entries via the \"Remark\" text box or \"remark\" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.lightningwirelabs.com",
"refsource": "MISC",
"url": "https://www.lightningwirelabs.com"
},
{
"name": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released",
"refsource": "MISC",
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released"
},
{
"name": "https://gist.github.com/dharmeshbaskaran/1fdc069c0ad729d12bf3304b5f19b02d",
"refsource": "MISC",
"url": "https://gist.github.com/dharmeshbaskaran/1fdc069c0ad729d12bf3304b5f19b02d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19204",
"datePublished": "2021-07-12T15:22:38",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33393
Vulnerability from cvelistv5
Published
2021-06-09 21:25
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MucahitSaratar/ipfire-2-25-auth-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ipfire/ipfire-2.x/commit/6769d909306d7bdc43d64598872126fcf1b217f6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ipfire/ipfire-2.x/commits/master?since=2021-05-17\u0026until=2021-05-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T20:06:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MucahitSaratar/ipfire-2-25-auth-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ipfire/ipfire-2.x/commit/6769d909306d7bdc43d64598872126fcf1b217f6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ipfire/ipfire-2.x/commits/master?since=2021-05-17\u0026until=2021-05-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MucahitSaratar/ipfire-2-25-auth-rce",
"refsource": "MISC",
"url": "https://github.com/MucahitSaratar/ipfire-2-25-auth-rce"
},
{
"name": "https://github.com/ipfire/ipfire-2.x/commit/6769d909306d7bdc43d64598872126fcf1b217f6",
"refsource": "MISC",
"url": "https://github.com/ipfire/ipfire-2.x/commit/6769d909306d7bdc43d64598872126fcf1b217f6"
},
{
"name": "https://github.com/ipfire/ipfire-2.x/commits/master?since=2021-05-17\u0026until=2021-05-17",
"refsource": "MISC",
"url": "https://github.com/ipfire/ipfire-2.x/commits/master?since=2021-05-17\u0026until=2021-05-17"
},
{
"name": "http://packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33393",
"datePublished": "2021-06-09T21:25:52",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-19202
Vulnerability from cvelistv5
Published
2021-06-17 15:22
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c | x_refsource_MISC | |
| https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated Stored XSS (Cross-site Scripting) exists in the \"captive.cgi\" Captive Portal via the \"Title of Login Page\" text box or \"TITLE\" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T11:14:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated Stored XSS (Cross-site Scripting) exists in the \"captive.cgi\" Captive Portal via the \"Title of Login Page\" text box or \"TITLE\" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c",
"refsource": "MISC",
"url": "https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c"
},
{
"name": "https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released",
"refsource": "MISC",
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19202",
"datePublished": "2021-06-17T15:22:58",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:08:30.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9757
Vulnerability from cvelistv5
Published
2017-06-19 13:00
Modified
2024-08-05 17:18
Severity ?
EPSS score ?
Summary
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42149/ | exploit, x_refsource_EXPLOIT-DB | |
| https://twitter.com/0x09AL/status/873860385652256768 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/99173 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42149/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/0x09AL/status/873860385652256768"
},
{
"name": "99173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42149/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/0x09AL/status/873860385652256768"
},
{
"name": "99173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42149",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42149/"
},
{
"name": "https://twitter.com/0x09AL/status/873860385652256768",
"refsource": "MISC",
"url": "https://twitter.com/0x09AL/status/873860385652256768"
},
{
"name": "99173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9757",
"datePublished": "2017-06-19T13:00:00",
"dateReserved": "2017-06-19T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-21142
Vulnerability from cvelistv5
Published
2021-06-28 19:08
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.ipfire.org/show_bug.cgi?id=12226 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=12226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T19:08:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=12226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.ipfire.org/show_bug.cgi?id=12226",
"refsource": "MISC",
"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=12226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21142",
"datePublished": "2021-06-28T19:08:10",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16232
Vulnerability from cvelistv5
Published
2018-10-17 14:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/ | x_refsource_MISC | |
| https://www.ipfire.org/news/ipfire-2-21-core-update-124-released | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-11T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/",
"refsource": "MISC",
"url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"
},
{
"name": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released",
"refsource": "CONFIRM",
"url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16232",
"datePublished": "2018-10-17T14:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2022-000075
Vulnerability from jvndb
Published
2022-10-06 13:05
Modified
2024-06-12 14:28
Severity ?
Summary
IPFire WebUI vulnerable to cross-site scripting
Details
The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities (CWE-79).
This analysis assumes a scenario where one administrative user prepares malicious content, and then another administrative user accesses this content, resulting in a cross-site scripting attack.
Satoshi Horikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN15411362/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-36368 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-36368 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000075.html",
"dc:date": "2024-06-12T14:28+09:00",
"dcterms:issued": "2022-10-06T13:05+09:00",
"dcterms:modified": "2024-06-12T14:28+09:00",
"description": "The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities (CWE-79).\r\n\r\nThis analysis assumes a scenario where one administrative user prepares malicious content, and then another administrative user accesses this content, resulting in a cross-site scripting attack.\r\n\r\nSatoshi Horikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000075.html",
"sec:cpe": {
"#text": "cpe:/a:ipfire:ipfire",
"@product": "IPFire",
"@vendor": "IPFire",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000075",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15411362/index.html",
"@id": "JVN#15411362",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-36368",
"@id": "CVE-2022-36368",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36368",
"@id": "CVE-2022-36368",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "IPFire WebUI vulnerable to cross-site scripting"
}