CVE-2026-34805
Stored XSS in Endian Firewall dnat.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34805 impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34805 is a stored Cross-Site Scripting (XSS) vulnerability found in Endian Firewall version 3.3.25 and earlier. It occurs in the /cgi-bin/dnat.cgi script via the "remark" parameter.
An authenticated attacker can inject arbitrary JavaScript code through this parameter. This malicious code is stored on the server and executed when other users view the affected page.
This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users who view the affected page.
- It can lead to unauthorized actions performed on behalf of other users.
- It may result in theft of sensitive information such as session tokens or credentials.
- It can degrade user trust and potentially disrupt normal operations by executing unwanted scripts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored cross-site scripting (XSS) via the "remark" parameter in the /cgi-bin/dnat.cgi script on Endian Firewall version 3.3.25 and earlier.
To detect this vulnerability, you can check for the presence of the vulnerable endpoint and test if the "remark" parameter accepts and stores JavaScript code.
- Use curl or similar tools to send an authenticated request injecting a harmless JavaScript payload into the remark parameter, for example:
- curl -u <username>:<password> -d "remark=<script>alert('XSS')</script>" https://<target>/cgi-bin/dnat.cgi
- Then, access the affected page as another user to see if the injected script executes.
Additionally, monitoring web traffic for suspicious JavaScript payloads in requests to /cgi-bin/dnat.cgi can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /cgi-bin/dnat.cgi endpoint to trusted authenticated users only.
Ensure that user input in the "remark" parameter is properly sanitized or filtered to prevent injection of JavaScript code.
If possible, update Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
Monitor logs and web traffic for suspicious activity related to the remark parameter to detect exploitation attempts early.