Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14288)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the urlfilter.cgi endpoint in the REDIRECTPAGE or CHILDREN parameter on the user-supplied data lack of effective filterin...

CVE-2019-25379

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...

CVE-2019-25379 Smoothwall Express 3.1 'urlfilter.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...

CVE-2019-25379

CVE-2019-25379 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored and reflected XSS in the urlfilter.cgi endpoint. Attackers can submit POST payloads in REDIRECT_PAGE or CHILDREN to inject JavaScript in user browsers. The provided metrics show CVSS v3.1 base score 7.2 (HIGH) and...

CVE-2023-49272

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...

CVE-2023-49272

Hotel Management v1.0 is affected by multiple authenticated Reflected XSS flaws. The vulnerability stems from the children parameter in reservation.php, whose value is echoed into the HTML document as plain text. This could allow attackers who have valid access to craft inputs that are reflected ...