CVE-2025-34318 | IPFire up to 2.28 Web Interface /cgi-bin/dns.cgi cross site scripting

A vulnerability was found in IPFire up to 2.28 and classified as problematic. This impacts an unknown function of the file /cgi-bin/dns.cgi of the component Web Interface. The manipulation of the argument TLS_HOSTNAME/UPSTREAM_USER/UPSTREAM_PASSWORD/ADMIN_MAIL_ADDRESS/ADMIN_PASSWORD results in cross site scripting.

This vulnerability is identified as CVE-2025-34318. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More