CVE-2026-34801 in Endian Firewallinfo

Summary

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Responsible

VulnCheck

Reservation

03/30/2026

Disclosure

04/02/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354905	Endian Firewall Parameter fixed_leases cross site scripting	79	Not defined	Official fix	CVE-2026-34801

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!