Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-34808
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34809
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34810
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34811
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34803
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34804
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34805
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34806
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34799
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34800
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved