CVE-2025-34308 | IPFire up to 2.28 Time Server Page /cgi-bin/time.cgi UPDATE_VALUE cross site scripting

October 28, 2025 Yanac

A vulnerability was found in IPFire up to 2.28. It has been declared as problematic. This affects an unknown function of the file /cgi-bin/time.cgi of the component Time Server Page. The manipulation of the argument UPDATE_VALUE results in cross site scripting.

This vulnerability is cataloged as CVE-2025-34308. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More