CVE-2026-3343 (GCVE-0-2026-3343)
Vulnerability from cvelistv5 – Published: 2026-03-03 13:17 – Updated: 2026-03-04 15:22
VLAI?
Title
WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI
Summary
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.
This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
12.7 , ≤ 12.11.7
(semver)
Affected: 2025.1 , ≤ 2026.1.1 (semver) |
Credits
btaol
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T14:44:26.500886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:45:43.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "12.11.7",
"status": "affected",
"version": "12.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "2026.1.1",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.7",
"versionEndIncluding": "12.11.7",
"versionStartIncluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2026.1.1",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "btaol"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003eThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\n\nThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "WatchGuard is not aware of any exploitation of this issue in the wild."
}
],
"value": "WatchGuard is not aware of any exploitation of this issue in the wild."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:22:22.283Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004"
}
],
"source": {
"advisory": "WGSA-2026-00004",
"defect": [
"FBX-31282"
],
"discovery": "EXTERNAL"
},
"title": "WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2026-3343",
"datePublished": "2026-03-03T13:17:48.810Z",
"dateReserved": "2026-02-27T15:37:10.115Z",
"dateUpdated": "2026-03-04T15:22:22.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3343\",\"sourceIdentifier\":\"5d1c2695-1a31-4499-88ae-e847036fd7e3\",\"published\":\"2026-03-03T14:15:57.687\",\"lastModified\":\"2026-03-04T19:34:56.143\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\\n\\nThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de cross-site scripting (XSS) reflejada en la interfaz de usuario web de Fireware OS permiti\u00f3 la ejecuci\u00f3n de JavaScript malicioso en el contexto del navegador de un usuario de gesti\u00f3n autenticado cuando hacen clic en un enlace especialmente dise\u00f1ado.\\n\\nEsta vulnerabilidad afecta a Fireware OS 12.7 hasta e incluyendo 12.11.7 y 2025.1 hasta e incluyendo 2026.1.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"5d1c2695-1a31-4499-88ae-e847036fd7e3\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"5d1c2695-1a31-4499-88ae-e847036fd7e3\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.7\",\"versionEndExcluding\":\"12.11.8\",\"matchCriteriaId\":\"5A96DE7F-D807-4BC7-BECE-D0281939D36C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E472917E-D6E1-4C2D-B37D-E76FCC7307CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A8C7779-4466-4A9E-B191-929E7746DFF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CE9A123-B769-4E56-845E-DC3DA6166C78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180FAE8C-2E73-4C09-AA11-0C82A7715FA3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"309DBEF2-1D92-4641-827F-D99758B5FFA3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1E8CFC5-51FE-4D75-845F-D70C30AF11B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBFBA966-E052-4350-9544-3B5D484DBB6B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF1E586D-0E88-447A-95E8-5203EF869ADB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC087C4-CB10-46D4-A746-0C462354410C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59389EA2-3067-4AF8-AEC5-FE79E269C170\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"445FA7CD-D0AE-4176-9AE5-293B918DE654\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4A7366-0304-431E-B3E4-719BA575CEAC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8512B4A-5269-4067-B9C6-475A4E8AD313\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"179C6166-87E1-44F8-B727-CDDE40C673D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"584107CC-6136-4AA1-AE68-73B93BDDB5B6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9295217E-C1A0-4A69-A0F0-C44814BB376C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DC49246-2166-4681-8D67-4C0940884872\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC853916-8BDC-4F7C-BA53-D6AB490A9444\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3562304-0317-4A3C-B622-D5CE01CC97F9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327BA50A-366A-4367-93B8-328EC0136FA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3552F3BB-8021-4E87-987D-870699A7E619\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"158560A0-D694-41AF-A5F8-0F6FB3EFB8FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ECAE1D7-9868-4730-B645-44CB1B6FDE96\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2025.1\",\"versionEndExcluding\":\"2026.1.2\",\"matchCriteriaId\":\"4D0AAD6D-2794-444D-9866-3E81B1EE2E26\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"615FF2CF-69DA-4890-9236-52D8D6FA0E71\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3439409-2FD6-447B-91CF-17D1C09E2A79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"575CC5EE-0278-489B-AA95-5EC5058D6FB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5597F672-3C72-4BCF-AD3F-F16B6913EC2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8AAE66B-DD19-4C90-8DFC-F77BA1541642\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FC18430-C6B4-4395-BFF1-83BB005875BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7C1C91-8B6E-4FB0-841E-7F88B06B1435\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FE309D6-BD5E-4D18-91C3-A492C3576115\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75959D39-0960-4836-96C7-DB8048DDE4B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0087049-27C6-4B18-A645-72A8F63D7C6D\"}]}]}],\"references\":[{\"url\":\"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004\",\"source\":\"5d1c2695-1a31-4499-88ae-e847036fd7e3\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3343\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-03T14:44:26.500886Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-03T14:45:31.213Z\"}}], \"cna\": {\"title\": \"WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI\", \"source\": {\"defect\": [\"FBX-31282\"], \"advisory\": \"WGSA-2026-00004\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"btaol\"}], \"impacts\": [{\"capecId\": \"CAPEC-591\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-591 Reflected XSS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WatchGuard\", \"product\": \"Fireware OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.11.7\"}, {\"status\": \"affected\", \"version\": \"2025.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2026.1.1\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"WatchGuard is not aware of any exploitation of this issue in the wild.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"WatchGuard is not aware of any exploitation of this issue in the wild.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\\n\\nThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003eThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.\u003c/div\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.7\", \"vulnerable\": true, \"versionEndIncluding\": \"12.11.7\", \"versionStartIncluding\": \"12.7\"}, {\"criteria\": \"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1\", \"vulnerable\": true, \"versionEndIncluding\": \"2026.1.1\", \"versionStartIncluding\": \"2025.1\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"5d1c2695-1a31-4499-88ae-e847036fd7e3\", \"shortName\": \"WatchGuard\", \"dateUpdated\": \"2026-03-04T15:22:22.283Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-3343\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T15:22:22.283Z\", \"dateReserved\": \"2026-02-27T15:37:10.115Z\", \"assignerOrgId\": \"5d1c2695-1a31-4499-88ae-e847036fd7e3\", \"datePublished\": \"2026-03-03T13:17:48.810Z\", \"assignerShortName\": \"WatchGuard\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…