CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/02/16 12:0 a.m.•6 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the portfw.cgi script multiple parameters of the user-supplied data lack of effective filtering and escaping , an attacke...

6.1CVSS5.9AI score0.00225EPSS

Positive Technologies•added 2026/02/16 12:0 a.m.•8 views

PT-2026-8367

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC PORT...

6.1CVSS5.6AI score0.00225EPSS

CNNVD•added 2026/02/16 12:0 a.m.•8 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...

6.1CVSS5.9AI score0.00225EPSS

CNNVD•added 2026/02/16 12:0 a.m.•5 views

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

6.1CVSS5.9AI score0.00244EPSS

NVD•added 2026/02/15 2:16 p.m.•8 views

CVE-2019-25375

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

6.1CVSS0.0036EPSS

OSV•added 2026/02/15 2:16 p.m.•5 views

CVE-2019-25374

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

6.1CVSS5.8AI score

Exploits0References4

NVD•added 2026/02/15 2:16 p.m.•8 views

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

6.1CVSS0.00363EPSS

OSV•added 2026/02/15 2:16 p.m.•5 views

CVE-2019-25376

6.1CVSS5.7AI score

Exploits0References4

NVD•added 2026/02/15 2:16 p.m.•7 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS

OSV•added 2026/02/15 2:16 p.m.•5 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score

Exploits0References4

ATTACKERKB•added 2026/02/15 1:58 p.m.•10 views

CVE-2019-25376

6.1CVSS5.6AI score0.00363EPSS

EUVD•added 2026/02/15 1:58 p.m.•6 views

EUVD-2019-19420

6.1CVSS5.8AI score0.0036EPSS

ATTACKERKB•added 2026/02/15 1:58 p.m.•7 views

CVE-2019-25375

6.1CVSS5.7AI score0.0036EPSS

EUVD•added 2026/02/15 1:58 p.m.•5 views

EUVD-2019-19421

6.1CVSS5.8AI score0.00319EPSS

ATTACKERKB•added 2026/02/15 1:58 p.m.•5 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewallrulesedit.php with script payloads in the category field to execute...

6.4CVSS5.5AI score0.00199EPSS

Cvelist•added 2026/02/15 1:58 p.m.•25 views

CVE-2019-25374 OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

6.1CVSS0.00319EPSS

Vulnrichment•added 2026/02/15 1:58 p.m.•5 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.6AI score0.00241EPSS

CVE•added 2026/02/15 1:58 p.m.•18 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

6.1CVSS5.5AI score0.00241EPSS

Cvelist•added 2026/02/15 1:58 p.m.•29 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

6.1CVSS0.00241EPSS