A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on

Description

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

Affected Products

Vendor	Product	Versions
watchguard	fireware	< 12.11.8, < 2026.1.2

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004(Vendor Advisory)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

12.11.82026.1.2

CWECWE-79

PublishedMar 3, 2026

Last enriched5d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on

Description

Affected Products

References

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline