CVE-2026-34813
Severity: Medium  ·  Weakness Type: CWE-79  ·  CVSS v3: 6.4
Published: Apr 2, 2026  ·  Modified: Apr 5, 2026  ·  Source: NVD
📄 Description (English)

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

🤖 AI Executive Summary

CVE-2026-34813 is a stored XSS vulnerability in Endian Firewall versions 3.3.25 and prior affecting the /cgi-bin/proxyuser.cgi endpoint. An authenticated attacker can inject malicious JavaScript through the user parameter that persists and executes for other users, potentially leading to session hijacking, credential theft, or lateral movement within organizational networks. While no public exploit exists and no patch is available, the vulnerability poses a significant risk to Saudi organizations using this firewall solution, particularly in banking and government sectors where administrative access is critical.

🤖 AI Intelligence Analysis (analyzed May 16, 2026 15:16)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in Banking (SAMA-regulated institutions), Government (NCA, Ministry of Interior), Healthcare (MOH facilities), and Telecom sectors (STC, Mobily) that deploy Endian Firewall as perimeter security. The stored XSS vulnerability is particularly dangerous in administrative interfaces where authenticated users manage proxy configurations. Compromised admin accounts could lead to unauthorized access to sensitive network traffic, credential harvesting from other administrators, and potential lateral movement to critical infrastructure. Saudi critical infrastructure operators and financial institutions face elevated risk due to the firewall's role in network segmentation and access control.
🏢 Affected Saudi Sectors
Banking and Financial Services, Government and Public Administration, Healthcare, Energy and Utilities, Telecommunications, Critical Infrastructure
⚖️ Saudi Risk Score (AI): 6.8 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all Endian Firewall deployments in your organization and identify instances running version 3.3.25 or earlier
2. Restrict administrative access to /cgi-bin/proxyuser.cgi to trusted IP addresses only via network ACLs
3. Implement Web Application Firewall (WAF) rules to block JavaScript injection patterns in the user parameter
4. Monitor firewall logs for suspicious user parameter inputs containing script tags or event handlers

Compensating Controls:
5. Enforce strong authentication (MFA) for all firewall administrative accounts
6. Implement Content Security Policy (CSP) headers if the firewall supports them to prevent inline script execution
7. Regularly audit firewall user configurations and proxy settings for unauthorized modifications
8. Segment firewall management interfaces on isolated administrative networks
9. Deploy network-based IDS/IPS signatures to detect XSS payloads targeting the vulnerable endpoint

Detection Rules:
- Monitor POST/GET requests to /cgi-bin/proxyuser.cgi containing: <script>, javascript:, onerror=, onload=, onclick=
- Alert on user parameter values exceeding normal length thresholds
- Track changes to proxy user configurations and correlate with administrative access logs
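The first two detection rules above can be run directly over a web access log. The following script is an added example, not part of the original advisory or of Endian's own tooling: it assumes a combined-style access log line, a constructed set of sample entries, and an assumed length threshold of 64 characters for the user parameter (tune it to what legitimate proxy user names look like in your deployment). It URL-decodes the parameter a second time so that double-encoded values are not missed, and it scopes alerts to the vulnerable endpoint only.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote_plus

TARGET_PATH = "/cgi-bin/proxyuser.cgi"
# Markers listed in the detection rules above, matched case-insensitively after decoding.
XSS_MARKERS = re.compile(r"<script|javascript:|on(?:error|load|click)\s*=", re.IGNORECASE)
MAX_USER_LEN = 64  # assumed threshold for a legitimate proxy user name; tune per deployment
# Combined-style access log line: ip ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def inspect_request(target):
    """Return sorted alert reasons for one request target; [] when nothing is suspicious."""
    url = urlparse(target)
    if url.path != TARGET_PATH:
        return []  # only the vulnerable endpoint is in scope
    reasons = set()
    for value in parse_qs(url.query, keep_blank_values=True).get("user", []):
        decoded = unquote_plus(value)  # parse_qs decoded once; this catches double encoding
        if XSS_MARKERS.search(decoded):
            reasons.add("xss_marker")
        if len(decoded) > MAX_USER_LEN:
            reasons.add("oversized_user")
    return sorted(reasons)


def scan_access_log(lines):
    """Return (client_ip, timestamp, reasons) for each suspicious request in the log."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        reasons = inspect_request(m["target"])
        if reasons:
            alerts.append((m["ip"], m["ts"], reasons))
    return alerts


# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Apr/2026:10:01:02 +0300] "GET /cgi-bin/proxyuser.cgi?user=alice&action=add HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Apr/2026:10:02:15 +0300] "POST /cgi-bin/proxyuser.cgi?user=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Apr/2026:10:02:40 +0300] "GET /cgi-bin/proxyuser.cgi?user=x%2522%2520ONERROR%253Dalert(1) HTTP/1.1" 200 512',
    '10.0.0.7 - - [02/Apr/2026:10:03:01 +0300] "GET /cgi-bin/proxyuser.cgi?user=' + "a" * 80 + ' HTTP/1.1" 200 512',
    '10.0.0.8 - - [02/Apr/2026:10:03:30 +0300] "GET /index.cgi?user=%3Cscript%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, ts, reasons in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} {TARGET_PATH} {','.join(reasons)}")
```

Request bodies of POST requests are not present in a plain access log, so for full coverage of the POST case feed the same `inspect_request` logic from a WAF or reverse-proxy log that records form data.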

Patching:
- Contact Endian support for security updates or consider migration to alternative firewall solutions with active security support
- Evaluate upgrading to Endian Firewall versions beyond 3.3.25 once patches are released
🔧 Remediation Steps (Arabic version, translated to English)
Immediate Actions:
1. Inventory all Endian Firewall deployments in your organization and identify the instances running version 3.3.25 or earlier
2. Restrict administrative access to /cgi-bin/proxyuser.cgi to trusted IP addresses only, via network access control lists
3. Apply Web Application Firewall (WAF) rules to block JavaScript injection patterns in the user parameter
4. Monitor firewall logs for suspicious inputs in the user parameter that contain script tags or event handlers

Compensating Controls:
5. Enforce strong authentication (MFA) for all firewall administrative accounts
6. Apply Content Security Policy (CSP) headers, if the firewall supports them, to prevent execution of inline scripts
7. Periodically review firewall user configurations and proxy settings for unauthorized modifications
8. Segment firewall management interfaces onto isolated administrative networks
9. Deploy network-based IDS/IPS signatures to detect XSS payloads targeting the vulnerable endpoint

Detection Rules:
- Monitor POST/GET requests to /cgi-bin/proxyuser.cgi that contain: <script>, javascript:, onerror=, onload=, onclick=
- Alert on user parameter values that exceed normal length thresholds
- Track changes to proxy user configurations and correlate them with administrative access logs

Patching:
- Contact Endian support for security updates, or consider migrating to alternative firewall solutions with active security support
- Evaluate upgrading to Endian Firewall versions later than 3.3.25 once patches are released
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC 2024 A.5.1.1 - Access Control Policies (administrative access restrictions)
- ECC 2024 A.6.2.1 - User Access Management (authentication and authorization)
- ECC 2024 A.6.2.2 - User Access Rights Review (monitoring unauthorized modifications)
- ECC 2024 A.7.1.1 - Information Security Awareness (secure configuration practices)
🔵 SAMA CSF
- SAMA CSF ID.AM-2 - Asset Management (inventory of firewall versions)
- SAMA CSF PR.AC-1 - Access Control (restrict administrative access)
- SAMA CSF PR.AC-4 - Access Management (MFA implementation)
- SAMA CSF DE.CM-1 - Detection and Analysis (monitoring and logging)
- SAMA CSF RS.MI-2 - Incident Response (containment and mitigation)
🟡 ISO 27001:2022
- ISO 27001:2022 A.5.3 - Segregation of duties (administrative access controls)
- ISO 27001:2022 A.6.2 - User access management (authentication mechanisms)
- ISO 27001:2022 A.8.3 - Cryptography (secure communication for admin interfaces)
- ISO 27001:2022 A.8.22 - Monitoring (detection of XSS attempts)
- ISO 27001:2022 A.8.23 - Web application security (input validation)
🟣 PCI DSS v4.0.1
- PCI DSS 2.1 - Change default passwords and security parameters
- PCI DSS 6.5.1 - Injection flaws prevention
- PCI DSS 6.5.7 - Cross-site scripting (XSS) prevention
- PCI DSS 7.1 - Restrict access to cardholder data by business need
📊 CVSS Score: 6.4 / 10.0 (Medium)
📊 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Attack Vector (AV): N, Network
- Attack Complexity (AC): L, Low
- Privileges Required (PR): L, Low
- User Interaction (UI): N, None
- Scope (S): C, Changed
- Confidentiality (C): L, Low
- Integrity (I): L, Low
- Availability (A): N, None
📋 Quick Facts
- Severity: Medium
- CVSS Score: 6.4
- CWE: CWE-79
- EPSS: 0.03%
- Exploit: No
- Patch: No
- Published: 2026-04-02
- Source Feed: nvd
🇸🇦 Saudi Risk Score: 6.8 / 10.0 (Priority: HIGH)
🏷️ Tags: CWE-79