5435 matches found
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-27508 Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-27508
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-27508 Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-27508
CVE-2026-27508 affects Smoothwall Express versions prior to 3.1 Update 13. The issue is a reflected XSS in the /redirect.cgi endpoint caused by improper sanitation of the url parameter. Attackers can craft URLs containing javascript: schemes that execute arbitrary JavaScript in a victim’s browser...
CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-26352
Affected product/versions: Smoothwall Express
PT-2026-29062
Name of the Vulnerable Software and Affected Versions Smoothwall Express versions prior to 3.1 Update 13 Description Smoothwall Express is affected by a reflected cross-site scripting issue. The /redirect.cgi endpoint does not properly sanitize the url parameter, allowing attackers to inject...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Versions of Smoothwall Express prior to 3.1 Update 13 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of URL parameters, which could lead to...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Versions of Smoothwall Express prior to 3.1 Update 13 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of VPNIP parameters, and could lead t...
CVE-2026-33979
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
@forklaunch/core (>=0.19.0 <=1.5.2), @forklaunch/express (>=0.11.0 <=1.2.32) +17 more potentially affected by CVE-2026-34220 via @mikro-orm/core (>=7.0.0-dev.10 <=7.0.6-dev.9)
@mikro-orm/core NPM version =7.0.0-dev.10, =0.19.0, =0.11.0, =0.9.0, =0.6.0, =0.9.0, =0.9.0, =0.9.0, =0.10.0, =0.9.0, =0.5.0, =0.5.0, =0.8.22, =0.8.22, =0.4.0, =0.1.0, =1.2.18 and more Source cves: CVE-2026-34220 Source advisory: OSV:GHSA-GWHV-J974-6FXM...
CVE-2026-33979
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
CVE-2026-33979
CVE-2026-33979 affects the Express XSS Sanitizer middleware (Express 4.x/5.x). The root cause is that, in versions prior to 2.0.2, explicitly provided empty configurations for allowedTags or allowedAttributes are ignored, causing a fallback to sanitize-html’s permissive defaults. This leads to a ...
CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
CVE-2026-33979
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...