58973 matches found
CVE-2019-25383
CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
CVE-2019-25381 Smoothwall Express 3.1 'hosts.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...
CLSA-2026-1771236630 nodejs: Fix of CVE-2026-21637
CVE-2026-21637: route callback exceptions through error handlers...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...
PT-2026-8367
Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC PORT...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the urlfilter.cgi endpoint in the REDIRECTPAGE or CHILDREN parameter on the user-supplied data lack of effective filterin...
PT-2026-8371
Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRC IP and COMMENT...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Version 3.1-SP4-polar-x8664-update9 of Smoothwall Express contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripting vulnerabiliti...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express proxy.cgi endpoint cross-site scripting vulnerability , the vulnerability stems from the proxy.cgi endpoint in a number of parameters of the user-supplied data lack of effective filtering...
PT-2026-8374
Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the smoothinfo.cgi endpoint WRAP or SECTIONTITLE parameter on the user-supplied data lack of effective filtering an...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the portfw.cgi script multiple parameters of the user-supplied data lack of effective filtering and escaping , an attacke...
CVE-2019-25375
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...
CVE-2019-25376
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...
CVE-2019-25376
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...
CVE-2019-25374
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...
CVE-2019-25370
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...