PT-2026-29774 · Endian Technologies · Endian Firewall
Alex Williams +1 · Published 2026-04-02 · Updated 2026-04-02 · CVE-2026-34814
CVSS v3.1
6.4 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Endian Firewall versions 3.3.25 and prior
Description
Endian Firewall versions 3.3.25 and earlier are susceptible to stored cross-site scripting (XSS) attacks. The vulnerability is located in the 'group' parameter of the '/cgi-bin/proxygroup.cgi' API endpoint. An authenticated attacker can inject arbitrary JavaScript code through this parameter. The injected code is stored and executed when other authenticated users access the affected page.
Recommendations
Update Endian Firewall to a version later than 3.3.25.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Endian Firewall