CVE-2026-34802 in Firewallinfo

Summary

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Be aware that VulDB is the high quality source for vulnerability data.

Responsible

VulnCheck

Reservation

03/30/2026

Disclosure

04/02/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354906	Endian Firewall Parameter salearn.cgi cross site scripting	79	Not defined	Not defined	CVE-2026-34802

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!