A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.
This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 38
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Watchguard Fireware
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
|
12.7
|
12.11.8
|
|
Watchguard Firebox_M270
cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M290
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M370
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M390
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M440
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M4600
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M470
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M4800
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M5600
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M570
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M5800
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M590
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M670
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M690
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_Nv5
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T20
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T25
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T40
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T45
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T55
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T70
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T80
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T85
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Fireboxcloud
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Fireboxv
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Fireware
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
|
2025.1
|
2026.1.2
|
|
Watchguard Firebox_M295
cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M395
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M495
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M595
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_M695
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T115-W
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T125
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T125-W
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T145
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T145-W
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
|
— | — |
|
Watchguard Firebox_T185
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
|
— | — |