CNNVD-202510-3817 Information

CNNVD ID

CNNVD-202510-3817

CVE-2025-34310

  • CNNVD Published: 2025-10-28

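Description (translated from Chinese)

IPFire is an open-source Linux distribution from the IPFire organization, used mainly as a router and firewall. Versions of IPFire before 2.29 contain a security vulnerability caused by insufficient input sanitization and escaping of the INC_SPD, OUT_SPD, DEFCLASS_INC and DEFCLASS_OUT parameters, which may lead to stored cross-site scripting attacks.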

Description (English)

IPFire is an open-source Linux distribution from the IPFire organization, mainly used as a router and firewall. IPFire versions before 2.29 contain a security vulnerability that arises from inadequate input sanitization and escaping of the INC_SPD, OUT_SPD, DEFCLASS_INC and DEFCLASS_OUT parameters, which could lead to stored cross-site scripting (XSS) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

IPFire

Published

2025-10-28

Last Modified

2026-02-24

References

  • https://bugzilla.ipfire.org/show_bug.cgi?id=13883
  • https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released
  • https://www.vulncheck.com/advisories/ipfire-stored-xss-via-quality-of-service-settings
  • https://access.redhat.com/security/cve/cve-2025-34310

Patch

https://www.ipfire.org/downloads/ipfire-2.29-core198
