CVE-2026-34817 in Firewall
Resumen (Inglés)
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Responsable
VulnCheck
Reservar
2026-03-30
Divulgación
2026-04-02
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354922 | Endian Firewall Parameter smtprouting.cgi secuencias de comandos en sitios cruzados | 79 | No está definido | No está definido | CVE-2026-34817 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV