cbcvebase.

Endian Firewall Community vulnerabilities

35 known vulnerabilities affecting endian/firewall_community.

Total CVEs
35
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH9MEDIUM26

Vulnerabilities

Page 2 of 2
CVE-2026-34811P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34811 [MEDIUM] CWE-79 CVE-2026-34811: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34809P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34809 [MEDIUM] CWE-79 CVE-2026-34809: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34823P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34823 [MEDIUM] CWE-79 CVE-2026-34823: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34808P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34808 [MEDIUM] CWE-79 CVE-2026-34808: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34812P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34812 [MEDIUM] CWE-79 CVE-2026-34812: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes p Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34810P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34810 [MEDIUM] CWE-79 CVE-2026-34810: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34801P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34801 [MEDIUM] CWE-79 CVE-2026-34801: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34803P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34803 [MEDIUM] CWE-79 CVE-2026-34803: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parame Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34804P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34804 [MEDIUM] CWE-79 CVE-2026-34804: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parame Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34799P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34799 [MEDIUM] CWE-79 CVE-2026-34799: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34821P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34821 [MEDIUM] CWE-79 CVE-2026-34821: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34820P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34820 [MEDIUM] CWE-79 CVE-2026-34820: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34818P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34818 [MEDIUM] CWE-79 CVE-2026-34818: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34816P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34816 [MEDIUM] CWE-79 CVE-2026-34816: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain para Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
CVE-2026-34822P4MEDIUMCVSS 5.4≤ 3.3.252026-04-02
CVE-2026-34822 [MEDIUM] CWE-79 CVE-2026-34822: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_na Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
nvd
Endian Firewall Community vulnerabilities | cvebase