CVE-2026-57691 in Anti-Malware Security and Brute-Force Firewall Plugininfo

Summary

by MITRE • 07/13/2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through <= 4.23.89.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/13/2026

This cross-site scripting vulnerability resides within the Eli Anti-Malware Security and Brute-Force Firewall plugin, specifically manifesting in the gotmls component responsible for web page generation. The flaw represents a classic reflected cross-site scripting vulnerability where malicious input is not properly sanitized before being rendered back to users through web pages. This weakness allows attackers to inject malicious scripts that execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions within the affected application's security context.

The technical implementation of this vulnerability stems from insufficient input validation and output encoding mechanisms within the plugin's web generation routines. When user-supplied parameters are directly incorporated into dynamically generated web content without proper sanitization or escaping, the system becomes susceptible to reflected cross-site scripting attacks. Attackers can craft malicious URLs containing script payloads that, when executed by victims' browsers, exploit the vulnerability through the plugin's processing of user input during page generation. This issue affects all versions of the Anti-Malware Security and Brute-Force Firewall plugin up to and including version 4.23.89, indicating a widespread exposure across multiple releases.

The operational impact of this reflected XSS vulnerability extends beyond simple script execution, potentially enabling sophisticated attack vectors that leverage the compromised plugin's security context. An attacker could exploit this flaw to steal administrator sessions, manipulate security configurations, or redirect users to malicious sites that appear legitimate within the trusted firewall interface. The vulnerability's presence in a security plugin creates particular concern as it undermines the very protection mechanisms designed to defend against such attacks, potentially allowing threat actors to bypass security controls and escalate privileges within the affected environment.

Mitigation strategies for this reflected XSS vulnerability should prioritize immediate version updates to the plugin, with administrators upgrading to versions beyond 4.23.89 where the vulnerability has been addressed. Additionally, implementing proper input validation and output encoding measures at all entry points where user data is processed and rendered in web contexts provides defense-in-depth protection. Network monitoring should be enhanced to detect suspicious script injection patterns, while security headers including Content-Security-Policy should be implemented to limit script execution capabilities. This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and follows ATT&CK technique T1566.001 for initial access through spearphishing attachments or links that could exploit such vulnerabilities in security software components.

Organizations utilizing this plugin should conduct comprehensive security assessments to identify any potential exploitation attempts and implement web application firewalls to detect and block malicious script payloads. Regular security patching protocols must be enforced, particularly for security plugins that directly interface with user-facing web applications. The vulnerability demonstrates the critical importance of input sanitization in security tools themselves, as these components often handle sensitive data and require robust protection against injection attacks that could compromise their defensive capabilities.

Responsible

Patchstack

Reservation

06/25/2026

Disclosure

07/13/2026

Moderation

accepted

CPE

ready

EPSS

0.00201

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!