Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
| Vendor | Product | Versions |
|---|---|---|
| endian | endian firewall | 3.3.25 |
Updated severity from MEDIUM to HIGH and marked the vulnerability as actively exploited.
Initial creation
