Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary JavaScript via the remark parameter in the /manage/dnsmasq/hosts/ endpoint. The injected payload is stored server-side and executed in the browsers of any user who subsequently views the affected page, enabling session hijacking, credential theft, or malware distribution. CVSS 5.1 reflects the moderate impact and requirement for user interaction; no public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
This is a stored cross-site scripting vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation) in Endian Firewall's DNS management interface. The vulnerability exists because user input submitted via the 'remark' parameter to /manage/dnsmasq/hosts/ is not adequately sanitized or HTML-escaped before being stored in the backend and rendered in subsequent HTTP responses. The attack surface is limited to authenticated users (requiring valid credentials), but the impact propagates when any logged-in administrator or user views the DNS hosts configuration page, making this a classic stored XSS with delayed execution. The vulnerability affects the web management console component responsible for DNS masquerading host configuration.
RemediationAI
Upgrade Endian Firewall to a version newer than 3.3.25 that includes input sanitization and output encoding fixes for the remark parameter in the DNS management interface. Consult Endian's advisory at https://www.vulncheck.com/advisories/endian-firewall-manage-dnsmasq-hosts-remark-cross-site-scripting or contact Endian support (disclosure@vulncheck.com reference) for confirmed patched version numbers. As an interim mitigation, restrict administrative access to the /manage/dnsmasq/hosts/ endpoint to trusted users only, monitor audit logs for suspicious remark entries containing script tags or event handlers, and consider implementing a Web Application Firewall (WAF) rule to block common XSS payloads in the remark parameter. No vendor-released patch version number was independently confirmed in the provided advisory data.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18280