Stored Cross-Site Scripting Vulnerabilities in IPFire Web UI
CVE-2022-36368

4.8MEDIUM

Key Information:

Vendor: Ipfire Project
Status: Ipfire
Vendor: CVE Published:; 24 October 2022

🔔 Create Ipfire Project Vulnerability Alert

What is CVE-2022-36368?

IPFire, a popular open-source firewall solution, has multiple stored cross-site scripting vulnerabilities in its web user interface prior to version 2.27. These vulnerabilities enable a remote authenticated attacker, who holds administrative privileges, to inject and execute arbitrary scripts, potentially compromising the security of the system. This issue underscores the importance of keeping your firewall software updated to mitigate such risks.

Affected Version(s)

IPFire versions prior to 2.27

References

https://blog.ipfire.org/post/ipfire-2-27-core-update-170-...

https://bugzilla.ipfire.org/show_bug.cgi?id=12925

https://github.com/ipfire/ipfire-2.x

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2022
Vulnerability Reserved
Sep 25, 2022

CVE-2022-36368 Data

JSON