Cross-site scripting in Fireware OS - CVE-2026-13377
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote user to inject arbitrary script code into generated web pages.
The vulnerability exists due to cross-site scripting in the SIP Proxy module when generating web pages from stored configuration input. A remote privileged user can inject a specially crafted payload to inject arbitrary script code into generated web pages.
This issue is described as an additional unmitigated attack path for CVE-2025-6947.