Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated users to inject malicious JavaScript via the remark parameter in /cgi-bin/dnat.cgi, which persists and executes when other administrators or users access the affected page. This requires valid login credentials but can compromise the integrity and confidentiality of management sessions for other users.
Technical ContextAI
The vulnerability stems from CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating insufficient input sanitization or output encoding in the DNAT (Destination Network Address Translation) configuration interface. The remark parameter is stored in the application's backend without proper validation or encoding, allowing an authenticated user to submit JavaScript payloads that are later rendered unsafely when displayed to other authenticated users. This is a stored XSS variant (persistent XSS), meaning the malicious payload remains in the application's data store indefinitely until manually removed.
RemediationAI
Upgrade Endian Firewall to a version released after 3.3.25 that includes patches for this XSS vulnerability. Consult Endian's advisory and release notes at https://help.endian.com/hc/en-us/sections/360004371358-Community to identify the specific patched version available for your deployment. As an interim workaround pending patching, restrict administrative console access to trusted networks via firewall ACLs, enforce multi-factor authentication for management accounts, and audit existing DNAT rules for any suspicious remarks or JavaScript payloads. Additionally, consider monitoring or filtering the remark field input via Web Application Firewall (WAF) rules to block common XSS payloads (e.g., script tags, event handlers) until the patch is deployed.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18292
GHSA-424h-wx8h-m36j