Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Published: 2026-04-02
Score: 5.1 Medium (CVSS v4.0; the CVSS v3.1 vector scores 6.4, also Medium)
EPSS: n/a
KEV: No
Impact: Stored Cross-Site Scripting via the group parameter of Endian Firewall's /cgi-bin/proxygroup.cgi. An authenticated attacker can store JavaScript that runs in the browser of any user, including an administrator, who later views the affected page.
Action: Apply patch
AI Analysis

Impact

The vulnerability (CWE-79) is insufficient sanitization of the group parameter handled by the /cgi-bin/proxygroup.cgi endpoint of Endian Firewall. An authenticated user can submit a group value containing script; the value is stored and later rendered into the page without encoding, so it executes in the browser of every user who views that page. Because the payload persists, a single submission by a low-privileged account can reach the session of an administrator who opens the group listing afterwards.

Affected Systems

Per the description, Endian Firewall 3.3.25 and all earlier releases are affected. The CPE entries on this record name versions 2.1.2, 2.4 and 3.3.25 explicitly; earlier releases are affected even though they carry no CPE entry here.

Risk and Exploitability

Both published vectors rate the flaw medium: CVSS v3.1 gives 6.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) and CVSS v4.0 gives 5.1 (AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N), the figure shown in the header. Exploitation requires an authenticated account (PR:L), but only low privileges; the changed-scope components (S:C in v3.1, SC:L/SI:L in v4.0) and the v4.0 UI:P component reflect that the stored payload runs in the browser of whoever views the page, so the realistic threat is a low-privileged web UI account, or a compromised one, targeting an administrator's session. No public exploit is referenced, the CVE is not in the CISA KEV catalog, and no EPSS score is available, so exploit probability is not quantified.

Generated by OpenCVE AI on April 2, 2026 at 17:06 UTC.

Remediation

No vendor fix or workaround is recorded on this page; the "Apply patch" action in the header is OpenCVE's generic recommendation, not a reference to a specific Endian release. Until a corrected release is identified, limiting which accounts can authenticate to the web UI reduces exposure, since exploitation requires an authenticated user.

OpenCVE Recommended Actions

  • Verify that the installed Endian Firewall version is among the affected releases.
  • Apply the latest security update or upgrade to a version that has corrected the group parameter sanitization in /cgi-bin/proxygroup.cgi.
  • Confirm the fix by submitting a harmless markup value (not a script) as the group parameter: the endpoint should reject it or, if it is stored, the affected page should render it HTML-encoded rather than as live markup.
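The pattern behind this CVE, and the confirmation check in the last bullet above, as an added illustration. This is not Endian's proxygroup.cgi code (none is on this page): the in-memory store, the member list, the group-name allow-list and the probe string are assumptions made for the example. It shows the unchecked store-and-concatenate path that produces stored XSS beside a hardened path that validates the group name on input and HTML-encodes it on output, plus check_page, which classifies a page body fetched after the probe was submitted.

```python
"""Stored-XSS pattern of CVE-2026-34814 (group parameter of proxygroup.cgi),
shown as vulnerable vs hardened handling, plus a check for the probe surviving.

Added illustration: NOT Endian's proxygroup.cgi code. The store, field names,
allow-list and probe below are assumptions for the example.
"""
import html
import re
from typing import Dict, List

# Benign probe for the 'group' parameter: plain markup, no script, but it must
# never reach the rendered page without being HTML-encoded.
PROBE = '<xss-probe data-id="a1b2">'

# Assumed allow-list for a proxy group name; the real product's rule is not on the page.
GROUP_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

# Constructed in-memory stand-in for whatever the CGI persists: name -> members.
GroupStore = Dict[str, List[str]]


def save_group_vulnerable(store: GroupStore, name: str, members: List[str]) -> None:
    """Store whatever arrived in 'group' unchecked: the CWE-79 input side."""
    store[name] = list(members)


def render_groups_vulnerable(store: GroupStore) -> str:
    """Render stored names by plain string concatenation: the CWE-79 output side."""
    rows = "".join(
        f"<tr><td>{name}</td><td>{len(members)}</td></tr>"
        for name, members in store.items()
    )
    return f"<table>{rows}</table>"


def save_group_hardened(store: GroupStore, name: str, members: List[str]) -> None:
    """Reject names outside the allow-list before anything is persisted."""
    if not GROUP_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid group name: {name!r}")
    store[name] = list(members)


def render_groups_hardened(store: GroupStore) -> str:
    """HTML-encode on output regardless of what input validation did.

    This still protects against names that reached the store another way
    (an older config file, a different CGI writing the same data).
    """
    rows = "".join(
        f"<tr><td>{html.escape(name, quote=True)}</td><td>{len(members)}</td></tr>"
        for name, members in store.items()
    )
    return f"<table>{rows}</table>"


def check_page(page: str, probe: str = PROBE) -> str:
    """Classify a page body fetched after `probe` was submitted as the group parameter.

    'vulnerable': raw probe markup is present, so script would survive as well.
    'escaped':    only the HTML-encoded form is present (fix in place).
    'absent':     probe was not stored, or is not shown on this page.
    """
    if probe in page:
        return "vulnerable"
    if html.escape(probe, quote=True) in page:
        return "escaped"
    return "absent"


def demo() -> dict:
    """Run both variants against the probe and return the classifications."""
    vuln_store: GroupStore = {}
    save_group_vulnerable(vuln_store, PROBE, ["10.0.0.5"])  # constructed member
    vuln_result = check_page(render_groups_vulnerable(vuln_store))

    hard_store: GroupStore = {}
    try:
        save_group_hardened(hard_store, PROBE, ["10.0.0.5"])
        rejected = False
    except ValueError:
        rejected = True
    # Bypass validation deliberately to show the output encoding holds on its own.
    hard_store[PROBE] = ["10.0.0.5"]
    hard_result = check_page(render_groups_hardened(hard_store))

    return {
        "vulnerable_page": vuln_result,
        "hardened_rejects_probe": rejected,
        "hardened_page": hard_result,
    }


if __name__ == "__main__":
    print(demo())
```

To apply check_page to a real appliance, submit PROBE as the group name through the web UI on a test instance (the other form fields proxygroup.cgi expects are not documented on this page, so a scripted POST would be guesswork), then fetch the page that lists groups and pass its body to check_page. Do this on a test instance: on an unpatched build the probe stays stored until the group is deleted.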


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 15:15:00 +0000

Values added (no values removed):

Description: Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Title: Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting
First time appeared: Endian; Endian firewall
Weaknesses: CWE-79
CPEs:
  cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products: Endian; Endian firewall
References: none listed
Metrics:
  cvssV3_1: 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  cvssV4_0: 5.1, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T14:46:07.173Z

Reserved: 2026-03-30T20:26:18.725Z

Link: CVE-2026-34814

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-02T15:16:49.583

Modified: 2026-04-02T15:16:49.583

Link: CVE-2026-34814

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:30Z

Weaknesses