Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947.
This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 02 Jul 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2. | |
| Title | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration | |
| First Time appeared |
Watchguard
Watchguard fireware Os |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0 cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5 cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1 |
|
| Vendors & Products |
Watchguard
Watchguard fireware Os |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: WatchGuard
Published:
Updated: 2026-07-02T23:05:32.445Z
Reserved: 2026-06-25T20:34:54.862Z
Link: CVE-2026-13377
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-03T00:30:04Z
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')