Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Published: 2026-04-02
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch
AI Analysis

Impact

This vulnerability allows a user with legitimate credentials to embed malicious JavaScript in the remark field of the /manage/ipsec/ page. Once stored, the script runs whenever the target page is viewed by other authenticated users, compromising the confidentiality and integrity of user sessions. The weakness is a classic stored XSS flaw categorized as CWE‑79.

Affected Systems

The flaw affects Endian Firewall releases up to and including version 3.3.25. Versions 2.1.2, 2.4, and the community build are also listed as vulnerable in the vendor’s CPE data. Users operating any of these firmware branches are potentially exposed.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate impact, while the EPSS score of less than 1% suggests current exploitation likelihood is low. The vulnerability is not listed in the KEV catalog, implying no known active exploitation. The attack vector requires authentication, meaning an attacker must first gain legitimate access—either through credential compromise or insider threat—to inject the malicious script.

Generated by OpenCVE AI on April 7, 2026 at 19:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Endian Firewall to a version later than 3.3.25 or install any vendor‑issued patch addressing the remark XSS issue.
  • Verify the operating system and application configuration to ensure only authorized users can modify the /manage/ipsec/ remark field.
  • Monitor system logs for unusual authentication activity that might indicate credential compromise.
  • If a patch or upgrade is delayed, consider restricting access to the relevant management interface or disabling the remark feature until remediation is applied.

Generated by OpenCVE AI on April 7, 2026 at 19:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Endian firewall Community
CPEs cpe:2.3:a:endian:firewall_community:*:*:*:*:*:*:*:*
Vendors & Products Endian firewall Community

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Title Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting
First Time appeared Endian
Endian firewall
Weaknesses CWE-79
CPEs cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*
cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*
Vendors & Products Endian
Endian firewall
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Endian Firewall Firewall Community
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-03T18:33:23.001Z

Reserved: 2026-03-30T20:26:18.726Z

Link: CVE-2026-34820

cve-icon Vulnrichment

Updated: 2026-04-03T18:29:08.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T15:16:50.960

Modified: 2026-04-07T14:19:11.880

Link: CVE-2026-34820

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:55:48Z

Weaknesses