CVE-2025-50976

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

26/08/2025

Last modified:

26/08/2025

Description

IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

Impact

References to Advisories, Solutions, and Tools

https://github.com/4rdr/proofs/blob/main/info/IPFire-2.29-Reflected-XSS-via-DNS.md