EUVD-2026-18296
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...