CVE-2025-34316 | IPFire up to 2.28 Web Interface /cgi-bin/mail.cgi txt_mailuser/txt_mailpass cross site scripting

October 28, 2025 Yanac

A vulnerability, which was classified as problematic, was found in IPFire up to 2.28. The impacted element is an unknown function of the file /cgi-bin/mail.cgi of the component Web Interface. Executing manipulation of the argument txt_mailuser/txt_mailpass can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-34316. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More