Skip to main content

Firewall Community EUVDEUVD-2026-18320

| CVE-2026-34819 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-02 disclosure@vulncheck.com GHSA-h6h2-h2qj-ww49
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 15:22 euvd
EUVD-2026-18320
Analysis Generated
Apr 02, 2026 - 15:22 vuln.today
CVE Published
Apr 02, 2026 - 15:16 nvd
MEDIUM 5.1

DescriptionCVE.org

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

AnalysisAI

Stored cross-site scripting in Endian Firewall 3.3.25 and earlier allows authenticated attackers to inject arbitrary JavaScript via the REMARK parameter in /cgi-bin/openvpnclient.cgi, with the payload persisted and executed when other users access the affected page. CVSS 5.1 reflects low immediate impact due to user interaction requirement and limited scope, but the stored nature increases attack persistence; no public exploit code or CISA KEV confirmation identified at time of analysis.

Technical ContextAI

The vulnerability exists in the OpenVPN client configuration interface of Endian Firewall, a network security appliance. The root cause is improper input validation and output encoding of user-supplied data in the REMARK parameter passed to the openvpnclient.cgi script (CWE-79: Improper Neutralization of Input During Web Page Generation). Unlike reflected XSS, stored XSS requires the web application to persistently save unsanitized user input in a backend store (typically a database or configuration file) and then serve it to other authenticated users without proper encoding. This attack vector is particularly dangerous in administrative or management interfaces where multiple authorized users review configurations.

RemediationAI

Upgrade Endian Firewall to a patched version released after 3.3.25. Consult the vendor advisory at https://help.endian.com/hc/en-us/sections/360004371358-Community for the specific fix version and installation instructions. Until patching is completed, mitigate risk by restricting access to the Endian Firewall web administration interface to trusted IP addresses or networks via firewall rules, limiting the number of authenticated accounts with configuration access, and monitoring access logs for suspicious REMARK parameter input or XSS payload patterns. Additionally, educate administrators to avoid clicking on unexpected links or reviewing configurations from untrusted sources within the web UI.

CVE-2021-27201 HIGH POC
8.8 Feb 15

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m

CVE-2026-34797 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar

CVE-2026-34796 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi

CVE-2026-34795 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to

CVE-2026-34794 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co

CVE-2026-34793 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34792 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34791 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t

CVE-2026-34790 HIGH
7.1 Apr 02

Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t

CVE-2026-34821 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34823 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34820 MEDIUM
5.1 Apr 02

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS

Share

EUVD-2026-18320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy