Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary JavaScript via the mimetypes parameter in /cgi-bin/proxypolicy.cgi, which is executed when other users access the affected page. CVSS 5.1 reflects moderate impact; exploitation requires prior authentication and user interaction, limiting real-world severity despite the persistent nature of stored XSS. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
The vulnerability is a stored cross-site scripting flaw (CWE-79) in Endian Firewall's proxy policy configuration interface. The mimetypes parameter in the proxypolicy.cgi script fails to properly sanitize or encode user-supplied input before storing it in the application state or database. When an authenticated administrator or authorized user subsequently accesses the affected page, the injected JavaScript payload is executed in their browser context without validation or content security policy enforcement. This allows attackers with initial authentication credentials to compromise the session tokens or administrative privileges of other authenticated users who interact with the poisoned policy page.
RemediationAI
Upgrade Endian Firewall to a version released after 3.3.25 that addresses this stored XSS vulnerability. As of the time of analysis, specific patched version numbers were not provided in available advisory data; contact Endian directly or consult https://help.endian.com/hc/en-us/sections/360004371358-Community for the current security release. In the interim, restrict access to the proxy policy configuration interface (/cgi-bin/proxypolicy.cgi) to a minimal set of trusted administrators, enforce strong authentication, and monitor administrative user activity logs for unauthorized policy modifications. Web application firewalls or reverse proxies can provide partial mitigation by filtering suspicious input to the mimetypes parameter, though this does not address the root cause.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18306
GHSA-3frm-ppcq-w9fx