CVE-2025-34317 | IPFire up to 2.28 Web Interface /cgi-bin/dns.cgi TLS_HOSTNAME cross site scripting

October 28, 2025 Yanac

A vulnerability has been found in IPFire up to 2.28 and classified as problematic. This affects an unknown function of the file /cgi-bin/dns.cgi of the component Web Interface. The manipulation of the argument TLS_HOSTNAME leads to cross site scripting.

This vulnerability is referenced as CVE-2025-34317. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More