CVE-2026-34804 in Firewallinformation

Résumé (Anglaise)

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

VulnCheck

Réserver

30/03/2026

Divulgation

02/04/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354908	Endian Firewall Parameter rules cross site scripting	79	Non défini	Non défini	CVE-2026-34804

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!