CVE-2026-34811
Stored XSS in Endian Firewall xtaccess.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34811 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34811 is a medium-severity stored cross-site scripting (XSS) vulnerability affecting Endian Firewall version 3.3.25 and earlier.
The vulnerability occurs because the 'remark' parameter in the /cgi-bin/xtaccess.cgi script does not properly neutralize input, allowing an authenticated attacker to inject arbitrary JavaScript code.
This injected code is stored and then executed when other users view the affected page, potentially compromising their interaction with the system.
How can this vulnerability impact me? :
An authenticated attacker can exploit this vulnerability to inject malicious JavaScript code that executes in the browsers of other users who view the affected page.
This can lead to user session hijacking, unauthorized actions performed on behalf of users, or other malicious activities that compromise user security.
However, according to the CVSS v4 vector, the vulnerability has no direct impact on confidentiality, integrity, or availability of the system itself, and requires user interaction.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi in Endian Firewall version 3.3.25 and prior. Detection would involve checking for suspicious or malicious JavaScript code injected into the remark parameter on the affected endpoint.
Since the vulnerability requires authentication and involves stored input, detection can include reviewing logs or database entries for unusual JavaScript code in the remark parameter, or monitoring HTTP requests to /cgi-bin/xtaccess.cgi for suspicious payloads.
- Use web application scanning tools to test the /cgi-bin/xtaccess.cgi endpoint with payloads containing JavaScript in the remark parameter.
- Manually inspect the remark parameter values in the application or database for injected scripts.
- Monitor HTTP traffic to /cgi-bin/xtaccess.cgi for POST or GET requests containing suspicious JavaScript code in the remark parameter.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint and ensuring only trusted authenticated users can access it.
Apply input validation and sanitization on the remark parameter to prevent injection of JavaScript code.
If possible, upgrade Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
- Limit user privileges to reduce the risk of malicious input.
- Educate users to avoid interacting with suspicious inputs that may trigger stored XSS.