CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/02/16 5:5 p.m.•4 views

CVE-2019-25388

Vulnrichment•added 2026/02/16 5:5 p.m.•5 views

CVE-2019-25388 Smoothwall Express 3.1 'ipblock.cgi' Cross-Site Scripting

CVE•added 2026/02/16 5:5 p.m.•12 views

CVE-2019-25388

The vulnerability CVE-2019-25388 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, specifically the ipblock.cgi endpoint. It is a reflected cross-site scripting flaw where a crafted POST request can inject script tags through SRC_IP and COMMENT parameters, allowing arbitrary JavaScript exe...

Vulnrichment•added 2026/02/16 5:5 p.m.•1 views

CVE-2019-25387 Smoothwall Express 3.1 'xtaccess.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...

CVE•added 2026/02/16 5:5 p.m.•13 views

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x86_64-update9 is affected by a reflected cross-site scripting vulnerability in xtaccess.cgi. An unauthenticated attacker can inject JavaScript by sending crafted input to the xtaccess.cgi endpoint via POST, exploiting the EXT, DEST_PORT, or COMMENT parameters to ...

CVE•added 2026/02/16 5:4 p.m.•27 views

CVE-2019-25385

The CVE affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, where the outgoing.cgi endpoint is vulnerable to a reflected cross-site scripting (XSS) via the MACHINE and MACHINECOMMENT parameters. An attacker can craft POST requests to execute arbitrary JavaScript in victims’ browsers and pote...

CVE•added 2026/02/16 5:4 p.m.•9 views

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

Cvelist•added 2026/02/16 5:4 p.m.•23 views

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

Cvelist•added 2026/02/16 5:4 p.m.•26 views

CVE-2019-25385 Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to...

ATTACKERKB•added 2026/02/16 5:4 p.m.•5 views

CVE-2019-25386

ATTACKERKB•added 2026/02/16 5:4 p.m.•5 views

CVE-2019-25385

Vulnrichment•added 2026/02/16 5:4 p.m.•3 views

CVE-2019-25385 Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting

Vulnrichment•added 2026/02/16 5:4 p.m.•4 views

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Cvelist•added 2026/02/16 5:4 p.m.•24 views

CVE-2019-25384 Smoothwall Express 3.1 'portfw.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRCPORTSEL,...

ATTACKERKB•added 2026/02/16 5:4 p.m.•4 views

CVE-2019-25384

Vulnrichment•added 2026/02/16 5:4 p.m.•2 views

CVE-2019-25384 Smoothwall Express 3.1 'portfw.cgi' Cross-Site Scripting

CVE•added 2026/02/16 5:4 p.m.•10 views

CVE-2019-25384

CVE-2019-25384 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in portfw.cgi. The XSS is triggered by unvalidated parameters (EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, COMMENT) via POST requests, allowing execution of arbitrary JavaS...

CVE•added 2026/02/16 5:4 p.m.•10 views

CVE-2019-25383

CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...

Cvelist•added 2026/02/16 5:4 p.m.•27 views

CVE-2019-25383 Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...