CVE-2026-34799 in Endian Firewallinfo

Summary

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

VulnCheck

Reservation

03/30/2026

Disclosure

04/02/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354899	Endian Firewall Parameter hosts cross site scripting	79	Not defined	Not defined	CVE-2026-34799

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!