CVE-2026-34808
Stored XSS in Endian Firewall outgoingfw.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34808 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34808 is a stored Cross-Site Scripting (XSS) vulnerability found in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/outgoingfw.cgi script through the "remark" parameter.
An authenticated attacker can inject arbitrary JavaScript code into this parameter. This malicious code is stored on the server and executed when other users view the affected page, potentially compromising their security.
This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users viewing the affected page.
- It can lead to unauthorized actions performed on behalf of users, such as stealing session cookies or credentials.
- It may result in data theft, user impersonation, or other malicious activities that compromise confidentiality and integrity.
The CVSS v4 base score of 5.1 indicates a medium severity with low attack complexity but requiring authentication.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/outgoingfw.cgi script on Endian Firewall versions 3.3.25 and earlier.
Since the vulnerability requires authentication, detection involves verifying if arbitrary JavaScript code has been injected and stored via the remark parameter.
A practical approach is to perform authenticated requests to the /cgi-bin/outgoingfw.cgi endpoint and inspect the remark parameter for suspicious JavaScript code.
- Use curl or similar tools to send authenticated GET or POST requests to /cgi-bin/outgoingfw.cgi and analyze the response for injected scripts.
- Example command to fetch the page (replace USER, PASSWORD, and URL accordingly):
- curl -u USER:PASSWORD "http://<firewall-ip>/cgi-bin/outgoingfw.cgi" | grep -i remark
- Review the output for any embedded JavaScript code or suspicious script tags.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, ensure that only trusted and authenticated users have access to the Endian Firewall management interface.
Limit user privileges to reduce the risk of an attacker injecting malicious JavaScript via the remark parameter.
Monitor and sanitize inputs to the remark parameter to prevent injection of arbitrary scripts.
Apply any available patches or updates from Endian Firewall that address this stored XSS vulnerability.
If patching is not immediately possible, consider restricting access to the /cgi-bin/outgoingfw.cgi endpoint or disabling the affected functionality temporarily.