Cross Site Scripting Vulnerability in IPFire Web UI
CVE-2020-21142

6.1MEDIUM

Key Information:

Vendor: Ipfire
Status: Ipfire
Vendor: CVE Published:; 28 June 2021

What is CVE-2020-21142?

A Cross Site Scripting (XSS) vulnerability exists in IPFire 2.23, specifically within the mail.cgi component of the web user interface. This flaw allows attackers to inject malicious scripts into web pages viewed by other users. If exploited, this vulnerability can potentially lead to unauthorized access to sensitive information or manipulation of site content, posing a serious risk to the security of the affected systems.

References

https://bugzilla.ipfire.org/show_bug.cgi?id=12226

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-21142 Data

JSON

Ipfire

What is CVE-2020-21142?

References

CVSS V3.1

Timeline