CVE-2026-34803
Stored XSS in Endian Firewall QoS Classes Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34803 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability affecting Endian Firewall versions 3.3.25 and earlier.
The vulnerability exists in the handling of the "name" parameter within the /manage/qos/classes/ endpoint.
An authenticated attacker can inject arbitrary JavaScript code via this parameter, which is then stored and executed when other users access the affected page.
This issue is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can this vulnerability impact me? :
An attacker who is authenticated can inject malicious JavaScript code that will execute in the browsers of other users who view the affected page.
This can lead to potential risks such as session hijacking, unauthorized actions performed on behalf of users, or exposure of sensitive information within the context of the affected application.
However, the CVSS v4.0 score indicates no direct impact on confidentiality, integrity, or availability, suggesting the impact is limited to user interaction and potential client-side exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored cross-site scripting (XSS) via the "name" parameter in the /manage/qos/classes/ endpoint of Endian Firewall versions 3.3.25 and prior. Detection involves monitoring for suspicious or unexpected JavaScript code injections in this parameter.
Since the vulnerability requires authentication and user interaction, detection can include reviewing logs for unusual POST or GET requests to /manage/qos/classes/ that contain suspicious script tags or JavaScript code in the "name" parameter.
Specific commands are not provided in the available resources, but typical approaches include using web application scanners or manual inspection with tools like curl or wget to send crafted requests and observe responses.
- Use curl to send a test request to the vulnerable endpoint with a script payload in the "name" parameter to see if it is stored and reflected.
- Monitor web server logs for POST or GET requests to /manage/qos/classes/ containing suspicious JavaScript code.
- Employ web vulnerability scanners that support authenticated scanning to detect stored XSS vulnerabilities.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include prioritizing remediation based on threat intelligence and monitoring real-time alerts to detect exploitation attempts.
Since the vulnerability affects Endian Firewall versions 3.3.25 and prior, updating to a fixed or newer version (if available) is recommended.
In the absence of an available patch, restricting access to the /manage/qos/classes/ endpoint to trusted users and minimizing privileges can reduce risk.
Additionally, educating authenticated users about the risk of injecting scripts and monitoring for unusual activity can help mitigate exploitation.