5.1
CVE-2026-34802 - Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34801 - Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34800 - Endian Firewall /cgi-bin/uplinkeditor.cgi NAME Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34799 - Endian Firewall /manage/dnsmasq/hosts/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34798 - Endian Firewall /cgi-bin/routing.cgi remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
8.7
CVE-2026-34797 - Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete rβ¦
8.7
CVE-2026-34796 - Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incompletβ¦
8.7
CVE-2026-34795 - Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete reβ¦
8.7
CVE-2026-34794 - Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete reβ¦
8.7
CVE-2026-34793 - Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incompleβ¦