197 matches found
CVE-2026-27508
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
EUVD-2026-17127
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
EUVD-2026-17126
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-27508
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-27508
CVE-2026-27508 affects Smoothwall Express versions prior to 3.1 Update 13. The issue is a reflected XSS in the /redirect.cgi endpoint caused by improper sanitation of the url parameter. Attackers can craft URLs containing javascript: schemes that execute arbitrary JavaScript in a victim’s browser...
CVE-2026-27508
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-27508 Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-27508 Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...
CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-26352
Affected product/versions: Smoothwall Express
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Versions of Smoothwall Express prior to 3.1 Update 13 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of URL parameters, which could lead to...
PT-2026-29062
Name of the Vulnerable Software and Affected Versions Smoothwall Express versions prior to 3.1 Update 13 Description Smoothwall Express is affected by a reflected cross-site scripting issue. The /redirect.cgi endpoint does not properly sanitize the url parameter, allowing attackers to inject...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Versions of Smoothwall Express prior to 3.1 Update 13 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of VPNIP parameters, and could lead t...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14283)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14287)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...
Smoothwall Express proxy.cgi Endpoint Cross-Site Scripting Vulnerability
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express proxy.cgi endpoint cross-site scripting vulnerability , the vulnerability stems from the proxy.cgi endpoint in a number of parameters of the user-supplied data lack of effective filtering...