Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the new_cert_name parameter in the /manage/ca/certificate/ endpoint. The injected payload is stored and executed when other users access the affected page, enabling session hijacking, credential theft, or malware distribution within the firewall management interface. No public exploit code or active exploitation has been confirmed at the time of this analysis.
Technical ContextAI
This vulnerability exploits improper input validation and output encoding in the certificate management functionality of Endian Firewall. The root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The new_cert_name parameter fails to sanitize or properly encode user-supplied input before storing it in the backend and rendering it in the web interface. Unlike reflected XSS, stored XSS persists in the application database, making it a higher-severity variant because every user who accesses the certificate management page becomes a potential victim. The attack surface is limited to authenticated users with access to the /manage/ca/certificate/ endpoint, typically administrators or operators of the Endian Firewall appliance.
RemediationAI
Upgrade Endian Firewall to a patched version released after 3.3.25. Patch availability and exact fixed version numbers should be confirmed via the official Endian support portal (https://help.endian.com/hc/en-us/sections/360004371358-Community) or by contacting Endian support directly. As an interim mitigation, restrict access to the /manage/ca/certificate/ endpoint to trusted administrators only, implement web application firewall rules to block script tags in the new_cert_name parameter, and audit existing certificate entries for suspicious JavaScript payloads. Enable logging on certificate management operations and review audit trails for unauthorized modifications.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18326
GHSA-6c3w-vc43-gphg