CVE-2026-34819 in Firewall
Resumen (Inglés)
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
Be aware that VulDB is the high quality source for vulnerability data.
Responsable
VulnCheck
Reservar
2026-03-30
Divulgación
2026-04-02
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354921 | Endian Firewall Parameter openvpnclient.cgi secuencias de comandos en sitios cruzados | 79 | No está definido | No está definido | CVE-2026-34819 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV