PT-2026-20499 · Ipfire · Ipfire

Ozer Goker · Published 2026-02-18 · Updated 2026-02-18 · CVE-2019-25397

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

IPFire version 2.21 Core Update 127

Description

The software contains multiple reflected cross-site scripting issues in the hosts.cgi script. Attackers can inject malicious scripts through unvalidated parameters. Specifically, attackers can send POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.

Recommendations

Apply updates to address the issue in the hosts.cgi script. Validate all input parameters before processing them in the hosts.cgi script. Sanitize user-supplied data to prevent the injection of malicious scripts. Restrict access to the hosts.cgi script to authorized users only.
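
One way to apply the validation and sanitization recommendations to the four parameters the description names, as an added Python sketch that is not IPFire's code. The field formats (KEY1 as a numeric index, IP as IPv4, HOST as a single hostname label, DOM as a domain name) and all function names are assumptions.

```python
import html
import ipaddress
import re

# Assumed formats for the advisory's parameters; not taken from IPFire's source.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(LABEL)
DOMAIN_RE = re.compile(rf"(?:{LABEL}\.)*{LABEL}")

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

VALIDATORS = {
    "KEY1": lambda v: re.fullmatch(r"[0-9]{1,6}", v) is not None,
    "IP": _is_ipv4,
    "HOST": lambda v: HOST_RE.fullmatch(v) is not None,
    "DOM": lambda v: len(v) <= 253 and DOMAIN_RE.fullmatch(v) is not None,
}

def validate_form(form):
    """Allow-list check. Returns (clean, errors); rejected values never enter clean."""
    clean, errors = {}, []
    for name, is_valid in VALIDATORS.items():
        if name not in form:
            continue
        value = form[name]
        if isinstance(value, str) and is_valid(value):
            clean[name] = value
        else:
            # Name the field only; echoing the rejected value would reflect it again.
            errors.append(f"Invalid value for {name}")
    return clean, errors

def render_row(fields):
    """HTML-encode on output as a second layer, even for validated data."""
    cells = (fields.get(k, "") for k in ("IP", "HOST", "DOM"))
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"

# Constructed sample submissions (not captured traffic).
SAMPLE_OK = {"KEY1": "3", "IP": "192.168.1.10", "HOST": "printer", "DOM": "lan.example"}
SAMPLE_BAD = {"KEY1": "1", "IP": "10.0.0.1", "HOST": '"><script>x</script>', "DOM": "example.org"}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        clean, errors = validate_form(sample)
        print(errors or render_row(clean))
```

Validation rejects markup before it is stored or processed, and the output encoding in `render_row` keeps any value that slips past validation from being interpreted as HTML.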

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25397

Affected Products

Ipfire