CVE-2026-34812
Stored XSS in Endian Firewall proxypolicy.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and prior affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34812 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier.
The vulnerability occurs because the "mimetypes" parameter in the /cgi-bin/proxypolicy.cgi endpoint does not properly neutralize input, allowing an authenticated attacker to inject arbitrary JavaScript code.
This malicious code is stored on the server and executed in the browsers of other users who view the affected page.
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to execute arbitrary JavaScript in the context of other users' browsers.
Such execution can lead to theft of user credentials, session hijacking, or other malicious actions performed on behalf of the victim user.
The impact is limited to confidentiality and integrity with low scope and no impact on availability, but it can still compromise user trust and security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the 'mimetypes' parameter in the /cgi-bin/proxypolicy.cgi endpoint of Endian Firewall versions 3.3.25 and earlier. Detection involves verifying if your system is running a vulnerable version and checking for suspicious input or stored JavaScript in this parameter.
Since the vulnerability requires authentication and involves stored cross-site scripting, you can attempt to detect it by inspecting the proxypolicy.cgi page for unexpected or injected JavaScript code in the mimetypes parameter.
No specific detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update Endian Firewall to a version later than 3.3.25, as the vulnerability is fixed in versions after this release.
Additionally, restrict authenticated user access to the /cgi-bin/proxypolicy.cgi endpoint to trusted users only, to reduce the risk of exploitation.
Review and sanitize inputs to the mimetypes parameter if possible, and monitor for any suspicious stored scripts.