CVE-2026-34823
Stored XSS in Endian Firewall 3.3.25 Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34823 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34823 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall version 3.3.25 and earlier. It occurs in the remark parameter of the /manage/password/web/ endpoint. An authenticated attacker can inject arbitrary JavaScript code via this parameter, which is then stored on the server. When other users view the affected page, the malicious script is executed in their browsers.
This vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to execute arbitrary JavaScript code in the context of other users who view the affected page. This can lead to session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information accessible through the browser.
The CVSS v4 base score of 5.1 indicates a moderate severity with low impact on confidentiality, integrity, and availability, but it still poses a risk especially in environments where user trust and data security are critical.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /manage/password/web/ endpoint for stored cross-site scripting (XSS) via the remark parameter. An authenticated user can attempt to inject JavaScript code into the remark parameter and then verify if the injected script is stored and executed when the affected page is viewed by other users.
Suggested commands include using tools like curl or a web proxy to send authenticated POST or GET requests with JavaScript payloads in the remark parameter to the /manage/password/web/ endpoint, then observing the response or subsequent page loads for script execution.
- Example curl command to test injection (replace AUTH_COOKIE and URL accordingly):
- curl -b "AUTH_COOKIE=your_auth_cookie" -d "remark=<script>alert('XSS')</script>" https://your-endian-firewall/manage/password/web/
- After injection, access the affected page as another user to check if the script executes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /manage/password/web/ endpoint to trusted authenticated users only, and avoiding the use of the remark parameter until a patch or update is applied.
Additionally, monitor and sanitize inputs to the remark parameter to prevent injection of malicious scripts.
Applying any available security updates or patches from Endian Firewall for version 3.3.25 or earlier is strongly recommended to fully remediate the vulnerability.