CVE-2026-34816 Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...