Endian Firewall ADDRESS BCC Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

CVE-2026-34817

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34817

Endian Firewall contains a stored XSS vulnerability in versions 3.3.25 and earlier. The flaw allows an authenticated attacker to inject JavaScript via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi, which is stored and executed when other users view the affected page. CVSS metrics include ...