GHSA-wj34-3cm4-v64v

Published: 19 Feb 2026
Source: github
Github: Not reviewed
CVSS4: 5.1
CVSS3: 6.1

Description

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.

EPSS

Percentile: 16%
0.00051
Low

5.1 Medium

CVSS4

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
3 months ago

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.
