CVE-2026-34814
Stored XSS in Endian Firewall Proxygroup Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | up to 3.3.25 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34814 is a stored Cross-Site Scripting (XSS) vulnerability found in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/proxygroup.cgi script via the "group" parameter.
An authenticated attacker can inject arbitrary JavaScript code that is stored on the server. This malicious code is then executed whenever other users view the affected page, potentially compromising their sessions or actions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-34814 is a stored Cross-Site Scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code executed by other users. Such vulnerabilities can lead to session compromise or unauthorized actions on behalf of users.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, stored XSS vulnerabilities generally pose risks to data confidentiality and user privacy, which are critical aspects of these regulations.
Therefore, this vulnerability could potentially impact compliance by exposing user sessions and data to unauthorized access or manipulation, which may violate requirements for protecting personal data and ensuring secure user interactions.
How can this vulnerability impact me?
This vulnerability allows an attacker with low privileges, in a scenario that requires user interaction, to perform persistent XSS attacks that can:
- Compromise user sessions by executing malicious JavaScript in the context of other users.
- Perform unauthorized actions on behalf of other users viewing the vulnerable page.
The overall impact on confidentiality, integrity, and availability is low, but it can still lead to security risks related to user trust and session security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored cross-site scripting (XSS) via the "group" parameter in the /cgi-bin/proxygroup.cgi script on Endian Firewall versions 3.3.25 and prior.
To detect this vulnerability, you can attempt to authenticate to the Endian Firewall and test the "group" parameter by injecting harmless JavaScript payloads to see if they are stored and executed when the affected page is viewed.
Specific commands or automated tools are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The provided information does not include specific mitigation steps or patches.
General best practices for mitigating stored XSS vulnerabilities include applying any available software updates or patches from the vendor, restricting access to the affected interface, and sanitizing or validating input parameters such as "group".
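The two input-handling practices named above, validating a parameter such as "group" on the way in and encoding it on the way out, are shown below as an added example. This is illustrative Python written for this page, not Endian Firewall code and not the fix shipped for CVE-2026-34814; the allowlist pattern, the function names and the sample group name are assumptions constructed here. The unsafe renderer is included only to make the difference visible next to the hardened one.

```python
import html
import re

# Hypothetical allowlist for a proxy group name: letters, digits, underscore and
# hyphen, 1 to 32 characters. A real deployment would derive this from what the
# application actually accepts as a group identifier.
GROUP_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def render_group_row_unsafe(group: str) -> str:
    """Vulnerable pattern (CWE-79): the stored value is concatenated straight
    into HTML, so any markup it contains is interpreted by the browser."""
    return f"<tr><td>{group}</td></tr>"


def validate_group_name(group: str) -> str:
    """Input validation: reject anything outside the allowlist before it is
    stored. Raises ValueError so the caller returns an error instead of saving."""
    if not GROUP_NAME_RE.fullmatch(group):
        raise ValueError("invalid proxy group name")
    return group


def render_group_row_safe(group: str) -> str:
    """Output encoding for an HTML text context. html.escape with quote=True
    also encodes quotes, which matters if the value is ever placed in an
    attribute. This protects existing stored values that predate validation."""
    return f"<tr><td>{html.escape(group, quote=True)}</td></tr>"


def store_group(group: str, store: dict) -> bool:
    """Defence in depth: validate on write and record the group; return False
    when the value is rejected so the rest of the request handling can stop."""
    try:
        name = validate_group_name(group)
    except ValueError:
        return False
    store[name] = {"name": name}
    return True


if __name__ == "__main__":
    # Constructed sample: harmless markup, not a real payload, to show the
    # difference between the two renderers.
    sample = "<i>ops</i>"
    groups: dict = {}
    print("stored:", store_group(sample, groups))          # False: rejected on input
    print("stored:", store_group("ops_team-1", groups))    # True
    print(render_group_row_unsafe(sample))                 # markup reaches the page
    print(render_group_row_safe(sample))                   # markup is encoded
```

The two checks are independent on purpose: validation stops new bad values from being saved, while output encoding also neutralises values that were stored before the validation existed, which is the case that matters for a stored XSS already sitting in a configuration.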