Description
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Vulnerability Research Laboratory · text · remote · hardware
https://www.exploit-db.com/exploits/36831
exploitdb
WRITEUP
VERIFIED
by Vulnerability Research Laboratory · text · remote · hardware
https://www.exploit-db.com/exploits/36832
exploitdb
WRITEUP
VERIFIED
by Vulnerability Research Laboratory · text · remote · hardware
https://www.exploit-db.com/exploits/36833
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73330
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52076
Various Sources x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=436
Exploit x_refsource_misc
http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html
Scores
EPSS
0.0319
EPSS Percentile
87.1%
Details
CWE
CWE-79
Status
published
Products (1)
endian/firewall
2.4
Published
Sep 15, 2012
Tracked Since
Feb 18, 2026