Lucene search
K

168 matches found

NVD
NVD
added 2026/04/02 3:16 p.m.3 views

CVE-2026-34806

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.3 views

CVE-2026-34805

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.4 views

CVE-2026-34799

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.6 views

CVE-2026-34802

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.4 views

CVE-2026-34798

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34823 Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS6AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 2:46 p.m.18 views

CVE-2026-34823 Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34823

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/02 2:46 p.m.11 views

CVE-2026-34823

CVE-2026-34823 affects Endian Firewall prior to version 3.3.25. The issue is a stored XSS in the remark parameter of /manage/password/web/. An authenticated attacker can inject JavaScript that is stored and then executed when other users view the affected page. The vulnerability is confirmed by m...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.1 views

CVE-2026-34821 Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.5 views

CVE-2026-34820

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34820 Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS6AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:46 p.m.12 views

CVE-2026-34820

Endian Firewall

6.4CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/02 2:46 p.m.24 views

CVE-2026-34819 Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.1 views

CVE-2026-34818 Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34819

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00179EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:46 p.m.2 views

CVE-2026-34818

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:46 p.m.1 views

CVE-2026-34819 Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 2:46 p.m.18 views

CVE-2026-34818 Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:46 p.m.22 views

CVE-2026-34819

Endian Firewall is affected by CVE-2026-34819: versions 3.3.25 and earlier are vulnerable to stored XSS via the REMARK parameter in /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. This is ca...

6.4CVSS5.9AI score0.00179EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder