CVE-2026-34817
Stored XSS in Endian Firewall smtprouting.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34817 is a stored cross-site scripting (XSS) vulnerability found in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/smtprouting.cgi script through the ADDRESS BCC parameter.
An authenticated attacker can inject arbitrary JavaScript code into this parameter, which is then stored on the server. When other users view the affected page, the malicious script executes, potentially compromising their security.
This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject and store malicious JavaScript code that executes in the browsers of other users who view the affected page.
The impact includes potential compromise of user security through actions such as session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information.
Although the CVSS scores indicate a medium severity with low impact on confidentiality, integrity, and availability, the persistent nature of the XSS can lead to ongoing security risks within the Endian Firewall management interface.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of stored cross-site scripting (XSS) payloads in the ADDRESS BCC parameter of the /cgi-bin/smtprouting.cgi script on Endian Firewall versions 3.3.25 and earlier.
To detect exploitation attempts or presence of malicious scripts, you can review HTTP requests and responses involving the /cgi-bin/smtprouting.cgi endpoint, especially focusing on the ADDRESS BCC parameter.
Suggested commands include using curl or wget to send requests and grep or similar tools to search for suspicious JavaScript code in responses or logs.
- curl -u <username>:<password> 'http://<firewall-ip>/cgi-bin/smtprouting.cgi' | grep -i 'script'
- grep -r 'ADDRESS BCC' /var/log/httpd/ or relevant web server logs to find suspicious input
- Use a web vulnerability scanner to test for stored XSS on the /cgi-bin/smtprouting.cgi endpoint with authenticated access
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Endian Firewall management interface to trusted users only and ensuring that only authenticated users can access the /cgi-bin/smtprouting.cgi script.
Users should prioritize updating Endian Firewall to a version later than 3.3.25 where this vulnerability is fixed.
As a temporary workaround, input validation or sanitization can be applied to the ADDRESS BCC parameter to prevent injection of malicious JavaScript.
Monitoring and logging access to the vulnerable endpoint can help detect exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34817 affects compliance with common standards and regulations such as GDPR or HIPAA.