Cross-site scripting in Fireware OS - CVE-2026-13376
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote user to perform stored cross-site scripting.
The vulnerability exists due to cross-site scripting in the spamBlocker module when generating web pages with stored input. A remote privileged user can inject a specially crafted payload to perform stored cross-site scripting.
User interaction is required to trigger the malicious content.