Cross-site scripting in Fireware OS - CVE-2026-13373
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote user to inject arbitrary script code.
The vulnerability exists due to cross-site scripting in the Tigerpaw Technology Integration module when generating web pages with stored input. A remote privileged user can submit specially crafted input to inject arbitrary script code.
User interaction is required to trigger the stored payload.