Vulnerabilities > Ipfire > Ipfire > 2.23

DATE CVE VULNERABILITY TITLE RISK
2022-10-24 CVE-2022-36368 Cross-site Scripting vulnerability in Ipfire
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.
network
low complexity
ipfire CWE-79
4.8
4.8
2021-06-28 CVE-2020-21142 Cross-site Scripting vulnerability in Ipfire 2.23
Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.
network
ipfire CWE-79
4.3
4.3
2021-06-09 CVE-2021-33393 Unspecified vulnerability in Ipfire
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account.
network
low complexity
ipfire
critical
 9.0
9.0