CVE-2025-34310 | IPFire up to 2.28 Web Interface /cgi-bin/qos.cgi INC_SPD/OUT_SPD/DEFCLASS_INC/DEFCLASS_OUT cross site scripting

October 28, 2025 Yanac

A vulnerability categorized as problematic has been discovered in IPFire up to 2.28. Affected is an unknown function of the file /cgi-bin/qos.cgi of the component Web Interface. Such manipulation of the argument INC_SPD/OUT_SPD/DEFCLASS_INC/DEFCLASS_OUT leads to cross site scripting.

This vulnerability is documented as CVE-2025-34310. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More