Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the NAME parameter in /cgi-bin/uplinkeditor.cgi, which is executed when other users access the affected page. The vulnerability requires user interaction (UI:P) and low privileges (PR:L), limiting immediate automated exploitation but enabling account compromise and lateral privilege escalation within authenticated user populations. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
This is a stored cross-site scripting vulnerability (CWE-79) in Endian Firewall's uplinkeditor.cgi CGI script. The NAME parameter fails to properly sanitize or encode user-supplied input before storing it in a backend system and rendering it to authenticated users. Unlike reflected XSS, stored XSS persists in the application's data layer, making it a vector for attacking all users who subsequently view the affected page. The vulnerability affects the web management interface accessible over the network (AV:N), with low attack complexity (AC:L), indicating straightforward exploitation once an authenticated session is obtained.
RemediationAI
Upgrade Endian Firewall to a patched version released after 3.3.25; consult the vendor advisory at https://help.endian.com/hc/en-us/sections/360004371358-Community for the exact fixed version number and release notes. As an interim mitigation, restrict network access to the firewall's web management interface (/cgi-bin/uplinkeditor.cgi) using IP-based ACLs or VPN, limit administrative user accounts to trusted personnel only, and educate users not to click links from untrusted sources within the firewall's web UI. Input validation and output encoding of the NAME parameter should be verified by the vendor to prevent similar XSS in other CGI endpoints.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18282