IPFire Stored Cross-Site Scripting Vulnerability in Location Group Creation

A stored cross-site scripting vulnerability has been identified in IPFire versions prior to 2.29 (Core Update 198). This vulnerability allows authenticated attackers to inject arbitrary JavaScript into the COUNTRY_CODE parameter while creating location groups. The injected code is stored and later executed in the context of users viewing the affected page, due to improper sanitization of the COUNTRY_CODE value, which determines the flag displayed for the location group.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of users viewing the affected page.

Reproduction

To reproduce this vulnerability, an authenticated user can create a new location group and inject JavaScript into the COUNTRY_CODE parameter. When the group is saved, the application processes the COUNTRY_CODE value without proper sanitization, leading to the execution of the injected script when the group is viewed.

Remediation

Users can update to IPFire 2.29 (Core Update 198) to address this vulnerability.