Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Endian Firewall 3.3.25 and earlier allows authenticated users to store arbitrary JavaScript in the remark parameter of /cgi-bin/outgoingfw.cgi, which executes when other users view the affected page. This stored cross-site scripting (XSS) vulnerability requires valid login credentials but can compromise session tokens, steal administrative actions, or perform lateral attacks within the firewall management interface. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
This vulnerability is a classic stored XSS flaw (CWE-79) in a web-based firewall management interface. The remark parameter in the outgoingfw.cgi script fails to sanitize or encode user-supplied input before storing it in a persistent data store (likely a configuration database or log file). When the vulnerable page is rendered for any user-particularly administrators viewing firewall rules-the injected JavaScript executes in their browser context with their authentication privileges. The attack vector is network-accessible and requires no elevation of privileges beyond standard authenticated user access (PR:L per CVSS vector), but depends on user interaction (UI:P) to view the affected page. CPE data would identify the specific Endian Firewall product line and versions 3.3.25 and prior as in-scope.
RemediationAI
Upgrade Endian Firewall to a version newer than 3.3.25 once available from the vendor. Check the Endian Firewall community portal and official advisories (https://help.endian.com/hc/en-us/sections/360004371358-Community and https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-outgoingfw-cgi-remark-stored-cross-site-scripting) for patched release versions. As an interim workaround pending patch availability, restrict access to the /cgi-bin/outgoingfw.cgi endpoint to a limited set of trusted administrator IP addresses using firewall rules or web server configuration, and audit existing remarks for malicious content. Additionally, implement input validation and output encoding on the remark parameter to prevent JavaScript execution.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18298
GHSA-gjmf-gpwj-9mr2