Skip to main content

Firewall Community EUVDEUVD-2026-18318

| CVE-2026-34818 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-02 disclosure@vulncheck.com
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 15:22 euvd
EUVD-2026-18318
Analysis Generated
Apr 02, 2026 - 15:22 vuln.today
CVE Published
Apr 02, 2026 - 15:16 nvd
MEDIUM 5.1

DescriptionCVE.org

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

AnalysisAI

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaScript via the remark parameter in the DNS local domains management interface (/manage/dnsmasq/localdomains/). The injected payload persists in the application and executes when other authenticated users access the affected page, enabling session hijacking, credential theft, or malware distribution within the firewall management environment. No public exploit code or active exploitation has been reported.

Technical ContextAI

This is a classic stored cross-site scripting (CWE-79) vulnerability arising from insufficient input sanitization and output encoding in the Endian Firewall web management interface. The vulnerability exists in the DNS local domains management feature, where user-supplied input via the 'remark' parameter is stored in a backend data store without proper HTML entity encoding or Content Security Policy protection. When the affected page is rendered to other users, the malicious JavaScript executes in their browser context with the privileges of their authenticated session. The network-accessible web interface (AV:N) combined with low attack complexity (AC:L) means any authenticated administrator or operator can trivially craft and submit malicious input. The requirement for user interaction (UI:P) means the payload executes only when another user views the page, limiting but not eliminating impact to confidentiality and integrity of administrative sessions.

RemediationAI

Upgrade Endian Firewall to a patched version released after version 3.3.25. Consult the official Endian advisory at https://www.vulncheck.com/advisories/endian-firewall-manage-dnsmasq-localdomains-remark-stored-cross-site-scripting and the Endian Help Center (https://help.endian.com/hc/en-us/sections/360004371358-Community) for the specific fixed version and upgrade procedures. As an interim workaround, restrict administrative access to the firewall management interface to a minimal set of trusted users, enforce strong authentication and multi-factor authentication where supported, and monitor DNS local domains configuration changes through firewall audit logs. After patching, audit the DNS local domains remark fields for any suspicious entries that may have been injected by previous attackers.

CVE-2021-27201 HIGH POC
8.8 Feb 15

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m

CVE-2026-34797 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar

CVE-2026-34796 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi

CVE-2026-34795 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to

CVE-2026-34794 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co

CVE-2026-34793 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34792 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34791 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t

CVE-2026-34790 HIGH
7.1 Apr 02

Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t

CVE-2026-34821 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34823 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34820 MEDIUM
5.1 Apr 02

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS

Share

EUVD-2026-18318 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy