Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
AnalysisAI
Stored cross-site scripting in Endian Firewall version 3.3.25 and prior allows authenticated attackers to inject arbitrary JavaScript via the group parameter in /cgi-bin/proxygroup.cgi, with the malicious payload persisting and executing when other users access the affected page. CVSS score of 5.1 reflects moderate severity with limited scope of impact; exploitation requires prior authentication and user interaction but can affect confidentiality and integrity within the application context. No public exploit code or active exploitation has been confirmed at the time of analysis.
Technical ContextAI
The vulnerability is a stored cross-site scripting (XSS) flaw classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The Endian Firewall administrative interface fails to properly sanitize or encode user-supplied input in the group parameter before storing and reflecting it in the /cgi-bin/proxygroup.cgi endpoint. This is a classic server-side input validation failure where malicious JavaScript is accepted, stored in the application state or database, and then rendered without proper HTML entity encoding to subsequent users. The vulnerability affects the Endian Firewall platform, which is a network security and proxy management appliance commonly deployed in enterprise environments.
RemediationAI
Organizations should upgrade Endian Firewall to a patched version released after 3.3.25; the specific patched version number should be obtained from Endian's official advisory at https://help.endian.com/hc/en-us/sections/360004371358-Community or the VulnCheck advisory at https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-proxygroup-cgi-group-stored-cross-site-scripting. Until patching is feasible, administrators should restrict access to the Endian Firewall administrative interface to trusted networks and users, disable or isolate the /cgi-bin/proxygroup.cgi endpoint if it is not actively required, and audit existing proxy group configurations for any suspicious or unusual values that may indicate prior exploitation.
More in Firewall Community
View allEndian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m
Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar
Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi
Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject
Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary
Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18310
GHSA-x6hh-28rh-8738