5.1
CVE-2026-34819 - Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34818 - Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34817 - Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34816 - Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34815 - Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34814 - Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34813 - Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34812 - Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34811 - Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34810 - Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.