Cross-site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2026-13373
4.8MEDIUM
What is CVE-2026-13373?
A stored Cross-site Scripting (XSS) vulnerability exists in WatchGuard Fireware OS, specifically within the Tigerpaw Technology Integration module. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially compromising their data and security. This flaw presents an additional attack vector that remains unaddressed from previous vulnerabilities, enabling further exploitation within affected systems. Users of Fireware OS versions from 12.4 to 12.12, as well as certain builds of versions 12.5 and 2025.1 to 2026.2, are encouraged to review protective measures urgently.
Affected Version(s)
Fireware OS 12.4 <= 12.12
Fireware OS 12.5 <= 12.5.18
Fireware OS 2025.1 <= 2026.2
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)
