3 matches found
EUVD-2026-44748
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...
CVE-2026-34801 Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
PT-2026-29761
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixed leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...