4 matches found
EUVD-2026-18320
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34819
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34819
Endian Firewall is affected by CVE-2026-34819: versions 3.3.25 and earlier are vulnerable to stored XSS via the REMARK parameter in /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. This is ca...
PT-2026-29779
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...