Lucene search
K

146 matches found

CNVD
CNVD
added 2026/04/07 12:0 a.m.1 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/password/web/, and can be exploited by an attacker to inject malicious scri...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.2 views

Endian Firewall mimetypes parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. Endian Firewall mimetypes parameter cross-site scripting vulnerability, which stems from improper handling of the mimetypes parameter in /cgi-bin/proxypolicy.cgi, can be exploited by an attacker to inject malicious JavaScript code...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.1 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18403)

Endian Firewall is a network security firewall system from Endian. Cross-site scripting vulnerability in Endian Firewall remark parameterThe vulnerability stems from improper handling of the remark parameter in /cgi-bin/outgoingfw.cgi, which can be exploited by an attacker to inject malicious...

6.4CVSS5.3AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.5 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...

6.4CVSS5AI score0.00205EPSS
Exploits0
CNVD
CNVD
added 2026/04/07 12:0 a.m.1 views

Endian Firewall NAME Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...

6.4CVSS4.9AI score0.00168EPSS
Exploits0
EUVD
EUVD
added 2026/04/02 3:31 p.m.2 views

EUVD-2026-18326

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the newcertname parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00092EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18320

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18322

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.1 views

EUVD-2026-18306

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18304

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.4 views

EUVD-2026-18308

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.2 views

EUVD-2026-18316

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.2 views

EUVD-2026-18310

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.3 views

EUVD-2026-18286

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.1 views

EUVD-2026-18282

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.2 views

EUVD-2026-18298

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 3:16 p.m.2 views

CVE-2026-34821

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00157EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.1 views

CVE-2026-34822

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the newcertname parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00092EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.3 views

CVE-2026-34816

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 3:16 p.m.3 views

CVE-2026-34818

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
Rows per page
Query Builder