CVE-2026-34820 in Firewallinfo

Summary

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

VulnCheck

Reservation

03/30/2026

Disclosure

04/02/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
354923Endian Firewall Parameter ipsec cross site scripting79Not definedNot definedCVE-2026-34820

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!