Shodan
Vulnerabilities
Vulnerable Software
Endian:  >> Firewall Community  Security Vulnerabilities
CVE-2026-34821
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34822
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34823
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34816
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34817
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34818
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34819
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34820
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34812
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02
CVE-2026-34813
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved