Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Published: 2026-04-02
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: Stored Cross-Site Scripting
Action: Patch Immediately
AI Analysis

Impact

The Endian Firewall component /cgi-bin/zonefw.cgi contains a stored cross-site scripting flaw that is triggered by supplying malicious content in the remark parameter. An attacker who authenticates with sufficient privileges can inject arbitrary JavaScript; the script is persisted and executed in the browsers of any user who later views the affected page. This weakness is classified as CWE-79.

Affected Systems

Endian Firewall releases 2.1.2, all 2.4 sub-releases, and 3.3.25 are affected. Users of these versions are susceptible to the remark-parameter XSS vulnerability.

Risk and Exploitability

The CVSS base score of 5.1 indicates moderate severity. Exploitation requires authenticated administrative access, so only users who already hold such privileges can carry it out. The EPSS metric is not available, and the issue is not listed in CISA's Known Exploited Vulnerabilities catalog, suggesting that widespread exploitation is currently unlikely. Because the vulnerability is stored, any user who accesses the affected page after the injection will have the malicious script executed in their browser.

Generated by OpenCVE AI on April 2, 2026 at 17:35 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update Endian Firewall to a version that removes the zonefw.cgi remark stored XSS flaw (consult Endian’s release notes or support portal for the applicable update).
  • If an update cannot be applied immediately, restrict administrative access to the affected functionality and monitor the web interface for suspicious input.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 15:15:00 +0000

Type                 Values Removed   Values Added
Description                           Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Title                                 Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting
First Time appeared                   Endian; Endian firewall
Weaknesses                            CWE-79
CPEs                                  cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
                                      cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
                                      cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products                    Endian; Endian firewall
References
Metrics                               cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}
                                      cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T18:38:54.294Z

Reserved: 2026-03-30T20:26:18.725Z

Link: CVE-2026-34809

Vulnrichment

Updated: 2026-04-02T18:38:47.113Z

NVD

Status: Received

Published: 2026-04-02T15:16:48.497

Modified: 2026-04-02T15:16:48.497

Link: CVE-2026-34809

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:35Z

Weaknesses