PT-2021-10309 · Ipfire · Ipfire
Dharmesh Baskaran
·
Published
2021-07-12
·
Updated
2022-04-29
·
CVE-2020-19204
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
IPFire version 2.21 (x86 64) - Core Update 130
Description:
A Stored Cross-Site Scripting (XSS) issue exists, allowing an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries via the "Remark" text box or
remark parameter in the "routing.cgi" Routing Table Entries.Recommendations:
For IPFire version 2.21 (x86 64) - Core Update 130, as a temporary workaround, consider restricting access to the "routing.cgi" Routing Table Entries or avoiding the use of the
remark parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipfire