Ipcop · Ipcop · CVE-2013-7417
**Name of the Vulnerable Software and Affected Versions**
IPCop (aka IPCop Firewall) versions prior to 2.1.3
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING passed to the cgi-bin/ipinfo.cgi endpoint. It can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.
**Recommendations**
Installations running a version prior to 2.1.3 should be updated to version 2.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/ipinfo.cgi endpoint to minimize the risk of exploitation, and avoid passing a QUERY_STRING to the affected endpoint until the issue is resolved.
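
One way to review web server logs for this issue, as an added example that is not part of the original advisory or of IPCop's code: it scans access log lines for requests to cgi-bin/ipinfo.cgi whose query string decodes to HTML markup characters. The Apache combined log format, the UI host name `ipcop.example:8443` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Assumed log format: Apache "combined" (request line, status, size, Referer).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"')
ENDPOINT = "/cgi-bin/ipinfo.cgi"
MARKUP = set("<>\"'")  # characters that let a query string break into HTML

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, ui_host):
    """Return one finding per ipinfo.cgi request whose query carries markup."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != ENDPOINT or not url.query:
            continue
        query = fully_decode(url.query)
        if not MARKUP & set(query):
            continue
        # Recorded for triage only: the advisory notes the Referer can be
        # set, so a matching Referer does not clear the request.
        referer_host = urlsplit(m["referer"]).netloc
        findings.append({"client": m["ip"], "query": query,
                         "referer_matches_ui": referer_host == ui_host})
    return findings

# Constructed sample lines (documentation addresses, hypothetical host name).
UI = "ipcop.example:8443"
SAMPLE = [
    '192.0.2.10 - admin [12/Mar/2014:10:01:02 +0000] "GET /cgi-bin/ipinfo.cgi HTTP/1.1" 200 5120 "https://ipcop.example:8443/cgi-bin/index.cgi" "Mozilla/5.0"',
    '192.0.2.10 - admin [12/Mar/2014:10:03:40 +0000] "GET /cgi-bin/ipinfo.cgi?%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200 "https://ipcop.example:8443/cgi-bin/ipinfo.cgi" "Mozilla/5.0"',
    '198.51.100.7 - admin [12/Mar/2014:10:05:11 +0000] "GET /cgi-bin/ipinfo.cgi?%253Ci%253E HTTP/1.1" 200 5200 "http://other.example/page" "Mozilla/5.0"',
    '192.0.2.10 - admin [12/Mar/2014:10:06:00 +0000] "GET /cgi-bin/ipinfo.cgi?192.0.2.44 HTTP/1.1" 200 5150 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE, UI):
        print(finding)
```

A finding on a host that has not yet been updated is a reason to review that administrator session's subsequent requests, whatever the Referer value shows.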