CVE-2025-34316 — IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mail — CVE Database · The Intelligence Room