19 matches found
CVE-2019-25379
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...
CVE-2019-25395
CVE-2019-25395 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a stored cross-site scripting flaw in preferences.cgi, exploitable via POST requests that inject payloads through HOSTNAME, KEYMAP, and OPENNESS parameters. The attacker can store malicious script on the ...
CVE-2019-25393 Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25393
CVE-2019-25393 — Smoothwall Express 3.1 has a reflected cross-site scripting vulnerability in the smoothinfo.cgi endpoint. The issue arises from insufficient input validation, allowing unauthenticated attackers to submit POST payloads in WRAP or SECTIONTITLE to inject arbitrary JavaScript in vict...
CVE-2019-25393 Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25392 Smoothwall Express 3.1 'iptools.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the iptools.cgi endpoint. Attackers can exploit by sending POST requests with malicious payloads in the IP parameter, enabling unauthorized execution of JavaScript in victims’ browsers. The ...
CVE-2019-25392 Smoothwall Express 3.1 'iptools.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2019-25385 Smoothwall Express 3.1 'outgoing.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to...
CVE-2019-25384
CVE-2019-25384 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in portfw.cgi. The XSS is triggered by unvalidated parameters (EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, COMMENT) via POST requests, allowing execution of arbitrary JavaS...
CVE-2019-25383 Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...
CVE-2019-25383
CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...
CVE-2019-25381 Smoothwall Express 3.1 'hosts.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...
CVE-2019-25380 Smoothwall Express 3.1 'dhcp.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...
CVE-2019-25379
CVE-2019-25379 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored and reflected XSS in the urlfilter.cgi endpoint. Attackers can submit POST payloads in REDIRECT_PAGE or CHILDREN to inject JavaScript in user browsers. The provided metrics show CVSS v3.1 base score 7.2 (HIGH) and...
CVE-2019-25379 Smoothwall Express 3.1 'urlfilter.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...
CVE-2019-25380 Smoothwall Express 3.1 'dhcp.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...
CVE-2019-25378 Smoothwall Express 3.1 'proxy.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
CVE-2011-5283
CVE-2011-5283 is an XSS vulnerability in Smoothwall Express (web management interface) via httpd/cgi-bin/ipinfo.cgi, affecting Smoothwall Express 3.1 and 3.0 SP3 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML through the IP parameter in a Run action. Exploit...