CVE-2019-25400

MEDIUM

IPFire 2.21 Core Update 127 - Reflected Cross-Site Scripting in fwhosts.cgi via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25400. PoCs published by Ozer Goker.

AI-analyzed exploit summary The exploit demonstrates multiple reflected and stored XSS vulnerabilities in IPFire 2.21 Core Update 127 by providing specific URLs, methods, parameters, and payloads. It targets the web interface via POST requests to various CGI scripts, confirming the presence of XSS flaws.

Description

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, and updatesrvgrp. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated users' browsers.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappscgi

https://www.exploit-db.com/exploits/46344

View Code ZIP pw:eip

The exploit demonstrates multiple reflected and stored XSS vulnerabilities in IPFire 2.21 Core Update 127 by providing specific URLs, methods, parameters, and payloads. It targets the web interface via POST requests to various CGI scripts, confirming the presence of XSS flaws.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IPFire 2.21 Core Update 127

No auth needed

Prerequisites: Access to the IPFire web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46344

Various Sources product

https://www.ipfire.org

Release Notes patch

https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ipfire-core-update-multiple-xss-via-fwhostscgi

Scores

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 10.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

ipfire/ipfire 2.21 core_update127

Ipfire/IPFire IPFire 2.21 - Core Update 127

Published Feb 18, 2026

Tracked Since Feb 19, 2026