Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored XSS in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaScript via the remark parameter in /cgi-bin/snat.cgi, which persists and executes when other administrators or users access the affected page. The vulnerability requires low-privilege authentication and user interaction (page view), limiting immediate impact but creating persistent data integrity and session hijacking risks within the appliance administrative interface.
Technical ContextAI
The vulnerability is a classic stored cross-site scripting (CWE-79) flaw in the Endian Firewall's Source NAT configuration interface. The /cgi-bin/snat.cgi CGI script fails to properly sanitize or encode user-supplied input in the remark parameter before storing it in the appliance's configuration database and re-rendering it in subsequent page views. Endian Firewall is a network security appliance running a custom web-based management interface; the affected component handles Source Network Address Translation (SNAT) rule configuration. The stored payload remains in the application state, meaning every user who views the SNAT configuration page will trigger the injected JavaScript in their browser, potentially within an authenticated administrative session context.
RemediationAI
Upgrade Endian Firewall to a patched version released by Endian after version 3.3.25. Consult Endian's official security advisories and release notes at help.endian.com for the specific fixed version. If an immediate patch is unavailable, implement compensatory controls: restrict administrative access to the Endian Firewall management interface to trusted IP ranges, enforce strong authentication (SSH key-based access if available), disable or limit user roles that have write-access to SNAT configuration, and monitor audit logs for suspicious remark field modifications. Additionally, train administrative staff to avoid viewing SNAT configuration pages from untrusted network segments until patching is complete, and disable JavaScript in the browser for the management interface if operationally feasible.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18294
GHSA-2c95-2h45-q2j7