Security Vulnerabilities
IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - for example, POST /cgi-bin/wakeonlan.cgi (CLIENT_COMMENT), /cgi-bin/dhcp.cgi (ADVOPT_DATA, FIX_REMARK, FIX_FILENAME, FIX_ROOTPATH), /cgi-bin/connscheduler.cgi (ACTION_COMMENT), /cgi-bin/dnsforward.cgi (REMARK), /cgi-bin/vpnmain.cgi (REMARK), or /cgi-bin/dns.cgi (REMARK) - the application calls escape() and HTML::Entities::encode_entities() but never assigns the sanitized result back to the output variable. The original unsanitized value is therefore stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected entries.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-28
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults, the application issues an HTTP POST request to /cgi-bin/logs.cgi/firewalllogip.dat with the default number of IPs in the pienumber parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected page.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-28
IPFire versions prior to 2.29 (Core Update 198) containĀ a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default values for the firewall country search, the application issues an HTTP POST request to /cgi-bin/logs.cgi/firewalllogcountry.dat and the default number of countries to display is provided in the pienumber parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected firewall country search settings.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-28
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-28
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-28
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-28
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-28
A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-28
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-28
A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-28