{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34807", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T20:26:18.725Z", "datePublished": "2026-04-02T14:46:01.108Z", "dateUpdated": "2026-04-02T15:26:08.966Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-02T14:46:01.108Z"}, "title": "Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting", "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page."}], "tags": ["x_open-source"], "datePublic": "2025-12-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "Endian", "product": "Endian Firewall", "versions": [{"version": "3.3.25", "status": "affected", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*"}]}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "references": [{"url": "https://help.endian.com/hc/en-us/sections/360004371358-Community", "name": "Endian Release Notes", "tags": ["release-notes"]}, {"name": "VulnCheck Advisory: Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-incoming-cgi-remark-stored-cross-site-scripting"}], "credits": [{"lang": "en", "value": "Alex Williams from Pellera Technologies", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:26:00.405658Z", "id": "CVE-2026-34807", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:26:08.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34807", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:26:00.405658Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:26:04.442Z"}}], "cna": {"tags": ["x_open-source"], "title": "Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Alex Williams from Pellera Technologies"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Endian", "product": "Endian Firewall", "versions": [{"status": "affected", "version": "3.3.25", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-03T00:00:00.000Z", "references": [{"url": "https://help.endian.com/hc/en-us/sections/360004371358-Community", "name": "Endian Release Notes", "tags": ["release-notes"]}, {"url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-incoming-cgi-remark-stored-cross-site-scripting", "name": "VulnCheck Advisory: Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:endian:firewall:3.3.25:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:endian:firewall:2.1.2:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-02T14:46:01.108Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34807", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:26:08.966Z", "dateReserved": "2026-03-30T20:26:18.725Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-02T14:46:01.108Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:endian:firewall_community:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E1D867-BFFB-431E-A9A8-13BBE099BAF3", "versionEndIncluding": "3.3.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page."}], "id": "CVE-2026-34807", "lastModified": "2026-04-07T15:40:10.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:48.073", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://help.endian.com/hc/en-us/sections/360004371358-Community"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-incoming-cgi-remark-stored-cross-site-scripting"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.3.25"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Endian Firewall", "source": "cna", "vendor": "Endian"}, "product": "firewall", "vendor": "endian"}], "analysis": {"en": {"generated_at": "2026-04-07T23:02:42.839139+00:00", "value": {"mitigation_remediation": ["Check Endian\u2019s official website for a patch or newer firmware that removes the vulnerability in Endian Firewall.", "Upgrade the firewall to the latest supported release that does not have the affected /cgi\u2011bin/incoming.cgi remark functionality.", "If an immediate upgrade is not possible, remove or disable the remark feature via the firewall\u2019s configuration interface to prevent injection.", "Apply a web\u2011application firewall rule or content\u2011security\u2011policy header to mitigate the impact of any stored XSS if the flaw is already present."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Endian Firewall versions 3.3.25 and earlier, including releases 2.1.2, 2.4, 3.3.25, as well as the community edition. No specific sub\u2011versions are listed beyond the major and minor numbers provided.", "description_and_impact": "A stored cross\u2011site scripting flaw exists in Endian Firewall via the remark parameter of the /cgi\u2011bin/incoming.cgi endpoint. An authenticated attacker can submit arbitrary JavaScript that is persisted and executed whenever any user views the affected page. The weakness is a classic stored XSS (CWE\u201179) that can lead to session hijacking, defacement, or theft of sensitive information if a victim\u2019s browser processes the injected script.", "risk_and_exploitability": "The CVSS base score is 5.1, indicating moderate risk, while the EPSS score is reported as below 1%, suggesting low probability of exploitation in the wild. The flaw is not currently cataloged in CISA\u2019s KEV list. Exploitation requires an authenticated user with permissions to submit remarks; the attacker\u2019s malicious payload is then presented to other authenticated or unauthenticated users who access the page, allowing the attacker to execute arbitrary JavaScript in their browsers."}}}}, "created": "2026-04-02T20:11:56.044909+00:00", "updated": "2026-04-08T19:55:56.099623+00:00", "vendors": ["endian", "endian$PRODUCT$firewall"]}