Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937.
This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Jul 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2. | |
| Title | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration | |
| First Time appeared |
Watchguard
Watchguard fireware Os |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.4 cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5 cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1 |
|
| Vendors & Products |
Watchguard
Watchguard fireware Os |
|
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: WatchGuard
Published:
Updated: 2026-07-02T23:05:13.056Z
Reserved: 2026-06-25T20:31:06.991Z
Link: CVE-2026-13374
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-03T01:30:04Z
Weaknesses