CVE-2026-34804
Stored XSS in Endian Firewall QoS Rules Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34804 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier.
The vulnerability occurs via the "dscp" parameter in the "/manage/qos/rules/" endpoint, where an authenticated attacker can inject arbitrary JavaScript code.
This malicious code is stored on the server and executed when other users view the affected page, potentially compromising their session or data.
It is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes when other users access the affected page.
The impact includes potential theft of user credentials, session hijacking, or other malicious actions performed in the context of the victim's browser.
According to the CVSS scores, the vulnerability has a medium severity with limited impact on confidentiality, integrity, and availability, but it can still lead to significant security risks for users interacting with the affected interface.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and inspecting HTTP requests to the /manage/qos/rules/ endpoint, specifically looking for the presence of the dscp parameter containing suspicious or arbitrary JavaScript code.
Since the vulnerability requires authentication, detection involves verifying if authenticated users have submitted requests with potentially malicious payloads in the dscp parameter.
Commands to detect this might include using web server logs or network traffic analysis tools to search for requests to /manage/qos/rules/ with the dscp parameter.
- Using grep on web server logs: grep "/manage/qos/rules/" /var/log/httpd/access_log | grep "dscp="
- Using curl to test injection: curl -u <user>:<password> -X POST "https://<firewall-ip>/manage/qos/rules/" -d "dscp=<script>alert(1)</script>"
- Using a web proxy or interception tool (e.g., Burp Suite) to capture and analyze requests to the vulnerable endpoint.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /manage/qos/rules/ endpoint to trusted and authenticated users only.
Ensure that users with access are aware of the risk and avoid entering untrusted input into the dscp parameter.
Apply any available patches or updates from Endian Firewall that address this vulnerability.
If patching is not immediately possible, consider implementing web application firewall (WAF) rules to detect and block attempts to inject JavaScript code via the dscp parameter.
Regularly audit and sanitize inputs on the affected endpoint to prevent stored XSS.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34804 impacts compliance with common standards and regulations such as GDPR or HIPAA.