IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript

A stored cross-site scripting (XSS) flaw has been identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability allows any authenticated administrator to inject persistent JavaScript into firewall rule parameters. Once stored, the payload executes automatically when another administrator loads the rules page, potentially resulting in session hijacking, unauthorized actions within the interface, or […]

The post IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript appeared first on Cyber Security News.

This article has been indexed from Cyber Security News
